VYPR

Hawki

by Hawk Digital Environments

Source repositories

CVEs (3)

  • CVE-2024-25977 | High | May 29, 2024
    risk 0.40 | cvss 7.3 | epss 0.01

    The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's…

  • CVE-2024-25975 | Medium | May 29, 2024
    risk 0.35 | cvss 6.5 | epss 0.01

    The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be…

  • CVE-2024-25976 | Medium | May 29, 2024
    risk 0.33 | cvss 6.1 | epss 0.01

    When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file…