VYPR

Bonita

by Bonitasoft

Source repositories

CVEs (2)

  • CVE-2022-25237May 27, 2022
    risk 0.07cvss epss 0.56

    Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access…

  • CVE-2024-26542Feb 27, 2024
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field.