herombey

3 exploits Active since Nov 2023
CVE-2023-47437 NOMISEC MEDIUM STUB
Pachno < 1.0.6 - XSS
A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script.
CVSS 5.4
CVE-2024-37846 WRITEUP MEDIUM STUB
Radixiot Mango < 5.2.0 - Code Injection
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
CVSS 4.6
CVE-2024-37847 WRITEUP HIGH WRITEUP
Radixiot Mango < 5.1.4 - Path Traversal
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.
CVSS 8.8