nuxsmin

2 exploits Active since Mar 2017
CVE-2024-42904 WRITEUP MEDIUM
syspass 3.2.0-3.2.10 - Cross-Site Scripting via Client Name Parameter
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the name parameter at /Controllers/ClientController.php.
CVSS 6.1
CVE-2017-5999 WRITEUP HIGH
syspass 2.x - Inadequate Encryption Strength via MCRYPT_RIJNDAEL_256
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system.
CVSS 7.5