CVE-2025-25182
- EPSS 0.33%
- Veröffentlicht 12.02.2025 17:15:23
- Zuletzt bearbeitet 12.02.2025 17:15:23
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured w...
CVE-2019-10779
- EPSS 0.29%
- Veröffentlicht 28.01.2020 01:15:10
- Zuletzt bearbeitet 21.11.2024 04:19:54
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can ...
- EPSS 0.25%
- Veröffentlicht 20.08.2018 19:31:43
- Zuletzt bearbeitet 21.11.2024 03:40:19
Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Special...