Letm3Through

#11090of 53,624
24.8Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2024-32644
5.4
2024-09-30
Scout · Scout · CVE-2024-47530
**Name of the Vulnerable Software and Affected Versions** Scout versions prior to 4.89 **Description** The issue allows for open redirect attacks, enabling phishing attacks on users by redirecting them to malicious pages. The `/login` API endpoint is vulnerable due to the absence of sanitization logic in the `next` parameter. Additionally, the lack of scheme validation makes it possible to perform HTTPS Downgrade Attacks on users. **Recommendations** For versions prior to 4.89, update to version 4.89 to resolve the issue. As a temporary workaround, consider restricting access to the `/login` API endpoint or disabling the `next` parameter until the update is applied.
PT-2024-32645
4.6
2024-09-30
Scout · Scout · CVE-2024-47531
**Name of the Vulnerable Software and Affected Versions** Scout versions prior to 4.89 **Description** The issue arises from the lack of sanitization in filenames, allowing bypass of intended file extensions. This enables the download of malicious files with any extension. If users unknowingly download and open these files, it may lead to device or data compromise. **Recommendations** For versions prior to 4.89, update to version 4.89 to resolve the issue. As a temporary workaround, consider restricting the download of files from the Scout visualizer to minimize the risk of exploitation. Avoid opening files downloaded from the visualizer until the issue is resolved.
PT-2024-31702
8.7
2024-09-18
Mesop · Mesop · CVE-2024-45601
Name of the Vulnerable Software and Affected Versions: Mesop versions prior to 0.12.4 Description: A vulnerability has been discovered in Mesop, a Python-based UI framework, that could potentially allow unauthorized access to files on the server hosting the Mesop application. The issue is related to insufficient input validation in a specific endpoint, which could have allowed an attacker to access files not intended to be served. Recommendations: Update to the latest version of Mesop, which is 0.12.4 or later, to fix the vulnerability. As a temporary workaround, consider restricting access to the vulnerable endpoint until a patch is applied.
PT-2024-28349
6.1
2024-08-26
Gnuboard · Gnuboard · CVE-2024-39097
**Name of the Vulnerable Software and Affected Versions** Gnuboard versions 6.0.4 and below **Description** An Open Redirect issue exists in Gnuboard. The issue is due to a flaw in the `url` parameter within the login path. This allows an attacker to redirect users to a malicious website. The vulnerable parameter `url` can be exploited through the login path. **Recommendations** Versions prior to 6.0.5 are affected. Upgrade to version 6.0.5 to address the issue.