Artemy-Ccrsky

#12958of 53,635
20.6Total CVSS
Vulnerabilities · 3
Medium
2
Critical
1
PT-2024-29344
9.8
2024-10-01
Kaiten · Kaiten · CVE-2024-41276
**Name of the Vulnerable Software and Affected Versions** Kaiten versions 57.131.12 and earlier **Description** A vulnerability in the PIN code authentication mechanism allows attackers to bypass it. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However, the request limiting mechanism can be easily bypassed, enabling attackers to perform a brute force attack to guess the correct PIN and gain unauthorized access to the application. **Recommendations** For versions 57.131.12 and earlier, patch the application immediately and enforce strong authentication policies to prevent brute-force attacks. As a temporary workaround, consider restricting access to the PIN code authentication mechanism until a patch is available.
PT-2024-28392
5.3
2024-07-04
Kaiten · Kaiten · CVE-2024-39211
**Name of the Vulnerable Software and Affected Versions** Kaiten version 57.128.8 **Description** The issue allows remote attackers to enumerate user accounts via a crafted POST request. This is possible because a login response contains a `user email` field only if the user account exists. **Recommendations** For Kaiten version 57.128.8, consider modifying the login response to not include the `user email` field, or implement additional checks to prevent user account enumeration. As a temporary workaround, restrict access to the login endpoint to minimize the risk of exploitation.
PT-2023-9788
5.5
2023-03-01
Soldr · Soldr · CVE-2023-26608
**Name of the Vulnerable Software and Affected Versions** SOLDR versions 1.1.0 **Description** The issue is related to a stored XSS vulnerability in the module editor of the SOLDR system. This vulnerability exists due to inadequate protection of the web page structure, allowing a remote attacker to conduct cross-site scripting attacks by injecting malicious JavaScript code. **Recommendations** For SOLDR version 1.1.0, as a temporary workaround, consider disabling the module editor until a patch is available. Restrict access to the module editor to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.