VYPR

Iris Web

by Dfir Iris

CVEs (13)

  • CVE-2013-1744 | Critical | Jan 25, 2020
    risk 0.67 | cvss 9.8 | epss 0.05

    IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.

  • CVE-2026-41522 | High | Jun 4, 2026
    risk 0.46 | cvss (not given) | epss 0.00

    Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql` that does not enforce the same authorization checks as the REST API. Any…

  • CVE-2026-42539 | Medium | Jun 4, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch.

  • CVE-2026-42538 | Medium | Jun 4, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also…

  • CVE-2023-30615 | Medium | May 25, 2023
    risk 0.41 | cvss 6.3 | epss 0.00

    Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability in allows an attacker to…

  • CVE-2026-42547 | Medium | Jun 4, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers.…

  • CVE-2026-42329 | Medium | Jun 4, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28…

  • CVE-2023-50712 | Medium | Dec 22, 2023
    risk 0.30 | cvss 4.6 | epss 0.00

    Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability…

  • CVE-2026-42543 | Medium | Jun 4, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method `GET` to change state on the server. Version 2.4.28…

  • CVE-2026-42540 | Medium | Jun 4, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch.

  • CVE-2026-22783 | Jan 12, 2026
    risk 0.00 | cvss (not given) | epss 0.00

    Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in…

  • CVE-2024-25624 | Apr 25, 2024
    risk 0.00 | cvss (not given) | epss 0.01

    Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation…

  • CVE-2024-25640 | Feb 19, 2024
    risk 0.00 | cvss (not given) | epss 0.00

    Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may…