Appspace
by Appspace
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27670 | Cri | 0.69 | 9.8 | 0.61 | Feb 25, 2021 | Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. | ||
| CVE-2021-27990 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2021 | Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. | ||
| CVE-2021-27704 | Med | 0.42 | 6.5 | 0.00 | Nov 12, 2024 | Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page. | ||
| CVE-2020-5393 | Med | 0.40 | 6.1 | 0.01 | Jan 7, 2020 | In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS. | ||
| CVE-2021-27989 | Med | 0.35 | 5.4 | 0.01 | Apr 14, 2021 | Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. | ||
| CVE-2021-27564 | Med | 0.35 | 5.4 | 0.01 | Feb 22, 2021 | A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes. |
- risk 0.69cvss 9.8epss 0.61
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
- risk 0.49cvss 7.5epss 0.01
Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.
- risk 0.42cvss 6.5epss 0.00
Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page.
- risk 0.40cvss 6.1epss 0.01
In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS.
- risk 0.35cvss 5.4epss 0.01
Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.
- risk 0.35cvss 5.4epss 0.01
A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes.