Sopalinge

4 exploits, active since Feb 2024
CVE-2023-52059 WRITEUP MEDIUM
Gestsup v3.2.46 - XSS
A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
CVSS 5.4
CVE-2023-52060 WRITEUP MEDIUM
Gestsup v3.2.46 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
CVSS 4.3
CVE-2024-54851 WRITEUP HIGH
Sismics Teedy < 1.12 - CSRF
Teedy <= 1.12 is vulnerable to Cross-Site Request Forgery (CSRF) due to the lack of CSRF protection.
CVSS 8.8
CVE-2024-54852 WRITEUP CRITICAL
Sismics Teedy < 1.12 - LDAP Injection
When the LDAP connection is activated in Teedy versions 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.
CVSS 9.8