VYPR
Vendor

MESbook

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2024-6424CriJul 1, 2024
    risk 0.60cvss 9.3epss 0.00

    External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL…

  • CVE-2024-6425CriJul 1, 2024
    risk 0.59cvss 9.1epss 0.01

    Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=&Password=<PASSWO…

  • CVE-2024-6426HigJul 3, 2024
    risk 0.53cvss 8.1epss 0.00

    Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which could allow a local attacker, with user privileges, to access different resources by changing the API value of the application.

  • CVE-2024-6427HigJul 3, 2024
    risk 0.49cvss 7.5epss 0.01

    Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to…