herombey

3 exploits Active since Nov 2023
CVE-2023-47437 NOMISEC MEDIUM STUB
Pachno < 1.0.6 - Authenticated Stored Cross-Site Scripting in Project Description and Comments
A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script.
CVSS 5.4
CVE-2024-37846 WRITEUP MEDIUM STUB
MangoOS < 5.2.0 - Client-Side Template Injection via Platform Management Edit Page
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
CVSS 4.6
CVE-2024-37847 WRITEUP HIGH WRITEUP
MangoOS < 5.1.4 and Mango API < 4.5.5 - Arbitrary File Upload and Remote Code Execution
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.
CVSS 8.8