sysPass
by Nuxsmin
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000192 | Cri | 0.64 | 9.8 | 0.01 | Nov 17, 2017 | Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other… | ||
| CVE-2024-42904 | Med | 0.40 | 6.1 | 0.00 | Sep 3, 2024 | A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php. | ||
| CVE-2022-4930 | Low | 0.00 | 3.5 | 0.01 | Mar 6, 2023 | A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version… |
- risk 0.64cvss 9.8epss 0.01
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other…
- risk 0.40cvss 6.1epss 0.00
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php.
- risk 0.00cvss 3.5epss 0.01
A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version…