Agorum core open
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52164 | Hig | 0.53 | 8.2 | 0.00 | Jul 18, 2025 | Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext. | ||
| CVE-2025-52169 | Hig | 0.46 | 7.1 | 0.00 | Jul 18, 2025 | agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. | ||
| CVE-2025-52163 | Med | 0.42 | 6.5 | 0.00 | Jul 18, 2025 | A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This can lead to sensitive data exposure. | ||
| CVE-2025-52168 | Med | 0.42 | 6.5 | 0.00 | Jul 18, 2025 | Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system. | ||
| CVE-2025-52162 | Med | 0.42 | 6.5 | 0.00 | Jul 18, 2025 | agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input. |
- risk 0.53cvss 8.2epss 0.00
Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.
- risk 0.46cvss 7.1epss 0.00
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.
- risk 0.42cvss 6.5epss 0.00
A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This can lead to sensitive data exposure.
- risk 0.42cvss 6.5epss 0.00
Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system.
- risk 0.42cvss 6.5epss 0.00
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input.