VYPR
Vendor

Kodbox

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2023-39691CriJan 16, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request.

  • CVE-2023-48028CriNov 18, 2023
    risk 0.64cvss 9.8epss 0.01

    kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.

  • CVE-2023-29790HigMay 12, 2023
    risk 0.49cvss 7.5epss 0.01

    kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.

  • CVE-2023-52068MedJan 16, 2024
    risk 0.40cvss 6.1epss 0.00

    kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs.

  • CVE-2023-29791MedMay 11, 2023
    risk 0.40cvss 6.1epss 0.00

    kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information.

  • CVE-2023-3607MedJul 10, 2023
    risk 0.36cvss 5.5epss 0.06

    A vulnerability was found in kodbox 1.26. It has been declared as critical. This vulnerability affects the function Execute of the file webconsole.php.txt of the component WebConsole Plug-In. The manipulation leads to os command injection. The exploit has been disclosed to the…

  • CVE-2023-52069MedJan 17, 2024
    risk 0.35cvss 5.4epss 0.00

    kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter.

  • CVE-2023-45998MedOct 23, 2023
    risk 0.35cvss 5.4epss 0.00

    kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS.

  • CVE-2024-51037MedNov 15, 2024
    risk 0.34cvss 5.3epss 0.00

    An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function.