Gareth Catterall - Security Researcher - Exploit Intelligence Platform

CVE-2025-58780 NOMISEC HIGH WRITEUP

ScienceLogic SL1 <12.1.1 - SQL Injection

index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."

CVSS 7.2

View Code

CVE-2024-48590 NOMISEC CRITICAL WRITEUP

Inflectra SpiraTeam 7.2.00 - Server-Side Request Forgery via NewsReaderService

Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.

CVSS 9.8

View Code

CVE-2024-48591 NOMISEC MEDIUM WRITEUP

Inflectra SpiraTeam 7.2.00 - Stored Cross-Site Scripting via SVG File Upload

Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). A specially crafted SVG file can be uploaded that will render and execute JavaScript upon direct viewing.

CVSS 6.1

View Code

CVE-2024-48590 WRITEUP CRITICAL WRITEUP

Inflectra SpiraTeam 7.2.00 - Server-Side Request Forgery via NewsReaderService

Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.

CVSS 9.8

View Code