Vendor
Tine
Products
2
CVEs
3
Across products
3
Status
Private
Products
2- 2 CVEs
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41364 | Cri | 0.64 | 9.8 | 0.01 | Sep 1, 2023 | In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. | ||
| CVE-2024-36070 | Hig | 0.42 | 7.5 | 0.01 | May 19, 2024 | tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.) | ||
| CVE-2017-14921 | Med | 0.35 | 5.4 | 0.01 | Sep 30, 2017 | Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. |
- risk 0.64cvss 9.8epss 0.01
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.
- risk 0.42cvss 7.5epss 0.01
tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)
- risk 0.35cvss 5.4epss 0.01
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.