VYPR

Oqtane.framework

by Oqtane

nuget: oqtane.framework

CVEs (3)

  • CVE-2024-55470 | High | Dec 20, 2024
    risk 0.42 | cvss 7.5 | epss 0.00

    Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation…

  • CVE-2024-55471 | Medium | Dec 20, 2024
    risk 0.35 | cvss 6.5 | epss 0.00

    Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.

  • CVE-2024-55186 | Medium | Dec 20, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    An IDOR (Insecure Direct Object Reference) vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive…