VYPR

Sicuro24 SicuroWeb

by Beghelli

CVEs (3)

  • CVE-2026-41468HigApr 22, 2026
    risk 0.57cvss 8.7epss 0.00

    Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary…

  • CVE-2026-41469MedApr 22, 2026
    risk 0.34cvss 5.2epss 0.00

    Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application,…

  • CVE-2026-22191MedMar 13, 2026
    risk 0.34cvss 5.2epss 0.00

    Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are…