CVE-2024-6426
- EPSS 0.13%
- Veröffentlicht 03.07.2024 12:15:03
- Zuletzt bearbeitet 21.11.2024 09:49:38
Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which could allow a local attacker, with user privileges, to access different resources by changing the API value of the application.
CVE-2024-6427
- EPSS 0.62%
- Veröffentlicht 03.07.2024 12:15:03
- Zuletzt bearbeitet 21.11.2024 09:49:38
Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself,...
CVE-2024-6424
- EPSS 0.56%
- Veröffentlicht 01.07.2024 13:15:06
- Zuletzt bearbeitet 22.10.2025 20:34:00
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&...
CVE-2024-6425
- EPSS 0.5%
- Veröffentlicht 01.07.2024 13:15:06
- Zuletzt bearbeitet 22.10.2025 20:31:43
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName...