VYPR

Web Console

by Rubyonrails

Source repositories

CVEs (2)

  • CVE-2015-3224Jul 26, 2015
    risk 0.07cvss epss 0.45

    request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted…

  • CVE-2021-41943Dec 12, 2022
    risk 0.00cvss epss 0.00

    Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field.