VYPR
Vendor

Gladysassistant

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2024-47210HigSep 21, 2024
    risk 0.50cvss 8.8epss 0.01

    Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.

  • CVE-2023-43256Sep 25, 2023
    risk 0.00cvss epss 0.01

    A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.