VYPR

Appspace

by Appspace

CVEs (6)

  • CVE-2021-27670CriFeb 25, 2021
    risk 0.69cvss 9.8epss 0.61

    Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.

  • CVE-2021-27990HigApr 14, 2021
    risk 0.49cvss 7.5epss 0.01

    Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.

  • CVE-2021-27704MedNov 12, 2024
    risk 0.42cvss 6.5epss 0.00

    Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page.

  • CVE-2020-5393MedJan 7, 2020
    risk 0.40cvss 6.1epss 0.01

    In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS.

  • CVE-2021-27989MedApr 14, 2021
    risk 0.35cvss 5.4epss 0.01

    Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.

  • CVE-2021-27564MedFeb 22, 2021
    risk 0.35cvss 5.4epss 0.01

    A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes.