Gareth Catterall

3 exploits | Active since Mar 2025
CVE-2025-58780 NOMISEC HIGH WRITEUP
ScienceLogic SL1 <12.1.1 - SQL Injection
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."
CVSS 7.2
CVE-2024-48590 NOMISEC CRITICAL WRITEUP
Inflectra SpiraTeam - SSRF
Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.
CVSS 9.8
CVE-2024-48591 NOMISEC MEDIUM WRITEUP
Inflectra SpiraTeam - XSS
Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). A specially crafted SVG file can be uploaded that will render and execute JavaScript upon direct viewing.
CVSS 6.1