Appspace

Appspace

5 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-27704

  • EPSS 0.06%
  • Published 12.11.2024 23:15:03
  • Last modified 27.06.2025 18:46:39

Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page.

7.5

CVE-2021-27990

  • EPSS 0.56%
  • Published 14.04.2021 14:15:13
  • Last modified 21.11.2024 05:58:57

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.

5.4

CVE-2021-27989

  • EPSS 0.19%
  • Published 14.04.2021 12:15:12
  • Last modified 21.11.2024 05:58:57

Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.

9.8

CVE-2021-27670

Exploit
  • EPSS 92.84%
  • Published 25.02.2021 01:15:13
  • Last modified 21.11.2024 05:58:24

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.

5.4

CVE-2021-27564

Exploit
  • EPSS 0.42%
  • Published 22.02.2021 17:15:12
  • Last modified 21.11.2024 05:58:12

A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes.