Sopalinge

#9770of 53,630
28.3Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2025-3080
8.8
2025-01-29
Teedy · Teedy · CVE-2024-54851
**Name of the Vulnerable Software and Affected Versions** Teedy versions 1.12 and earlier **Description** The issue is related to Cross Site Request Forgery (CSRF), which occurs due to the lack of CSRF protection. **Recommendations** For Teedy versions 1.12 and earlier, as a temporary workaround, consider implementing CSRF protection mechanisms until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-3081
9.8
2025-01-29
Teedy · Teedy · CVE-2024-54852
**Name of the Vulnerable Software and Affected Versions** Teedy versions 1.9 through 1.12 **Description** The issue arises when the LDAP connection is activated, allowing an unauthenticated attacker to exploit the `username` field of the login form due to improper sanitization of user input. This enables the attacker to perform malicious actions, such as creating arbitrary accounts and spraying passwords. **Recommendations** Teedy versions 1.9 through 1.12: Update the LDAP connection settings to properly sanitize user input, specifically the `username` field, to prevent LDAP injection attacks. Ensure that all user input is validated and sanitized before being processed by the LDAP connection.
PT-2024-14378
5.4
2024-02-12
Gestsup · Gestsup · CVE-2023-52059
**Name of the Vulnerable Software and Affected Versions** Gestsup version 3.2.46 **Description** A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Description` text field. **Recommendations** For Gestsup version 3.2.46, consider disabling the Description text field until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to this field to minimize the risk of arbitrary web script execution.
PT-2024-14379
4.3
2024-02-12
Gestsup · Gestsup · CVE-2023-52060
**Name of the Vulnerable Software and Affected Versions** Gestsup version 3.2.46 **Description** A Cross-Site Request Forgery (CSRF) issue allows attackers to arbitrarily edit user profile information via a crafted request. **Recommendations** For Gestsup version 3.2.46, update to a version that includes a fix for this issue, as no specific workaround is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.