Jakob Pachmann

#10948of 53,632
25.1Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2024-37069
6.8
2024-06-19
Paradox · Paradox Ip150 Internet Module · CVE-2024-5676
**Name of the Vulnerable Software and Affected Versions** Paradox IP150 Internet Module version 1.40.00 **Description** The issue is related to Cross-Site Request Forgery (CSRF) attacks, which can be executed due to the lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system. **Recommendations** For Paradox IP150 Internet Module version 1.40.00, consider disabling the use of the `GET` method for introducing system changes until a patch is available. Restrict access to sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-36875
8.1
2024-06-06
Craft Cms · Two-Factor Authentication · CVE-2024-5657
**Name of the Vulnerable Software and Affected Versions** CraftCMS plugin Two-Factor Authentication versions 3.3.1 through 3.3.3 **Description** The issue discloses the password hash of the currently authenticated user after submitting a valid TOTP. **Recommendations** For versions 3.3.1 through 3.3.3, consider disabling the Two-Factor Authentication plugin until a patch is available to prevent the disclosure of password hashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-36886
4.8
2024-06-06
Craft Cms · Two-Factor Authentication · CVE-2024-5658
**Name of the Vulnerable Software and Affected Versions** CraftCMS plugin Two-Factor Authentication versions 3.3.3 and earlier **Description** The issue allows reuse of TOTP tokens multiple times within the validity period. **Recommendations** For versions 3.3.3 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of TOTP tokens to minimize the risk of exploitation.
PT-2022-24373
5.4
2022-09-27
Vtiger · Vtiger Crm · CVE-2022-38335
**Name of the Vulnerable Software and Affected Versions** Vtiger CRM version 7.4.0 **Description** A stored cross-site scripting (XSS) issue was found in the e-mail template modules. This allows for malicious scripts to be stored and executed when the module is accessed. **Recommendations** For Vtiger CRM version 7.4.0, consider disabling the e-mail template modules until a patch is available to prevent potential exploitation of the stored XSS issue.