VYPR
Vendor

Tine

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2023-41364CriSep 1, 2023
    risk 0.64cvss 9.8epss 0.01

    In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.

  • CVE-2024-36070HigMay 19, 2024
    risk 0.42cvss 7.5epss 0.01

    tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)

  • CVE-2017-14921MedSep 30, 2017
    risk 0.35cvss 5.4epss 0.01

    Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.