Sopalinge

4 exploits. Active since Feb 2024.
CVE-2023-52059 WRITEUP MEDIUM
Gestsup < 3.2.46 - Stored Cross-Site Scripting via Description Text Field
A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
CVSS 5.4
CVE-2023-52060 WRITEUP MEDIUM
Gestsup < 3.2.46 - Cross-Site Request Forgery via User Profile Edit
A Cross-Site Request Forgery (CSRF) vulnerability in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
CVSS 4.3
CVE-2024-54851 WRITEUP HIGH
Teedy <= 1.12 - Cross-Site Request Forgery
Teedy <= 1.12 is vulnerable to Cross-Site Request Forgery (CSRF) due to the lack of CSRF protection.
CVSS 8.8
CVE-2024-54852 WRITEUP CRITICAL
Teedy 1.9-1.12 - Unauthenticated LDAP Injection via Login Username Field
When the LDAP connection is activated in Teedy versions 1.9 through 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker can perform various malicious actions, such as creating arbitrary accounts and spraying passwords.
CVSS 9.8