Show filters
21 Total Results
Displaying 1-10 of 21
Sort by:
Attacker Value
Unknown

CVE-2024-37847

Disclosure Date: October 25, 2024 (last updated February 26, 2025)
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-37846

Disclosure Date: October 25, 2024 (last updated February 26, 2025)
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-37845

Disclosure Date: October 25, 2024 (last updated February 26, 2025)
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-37844

Disclosure Date: October 25, 2024 (last updated February 26, 2025)
A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-2176

Disclosure Date: April 07, 2020 (last updated February 21, 2025)
Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2017-6809

Disclosure Date: March 11, 2017 (last updated November 26, 2024)
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter).
0
0
Attacker Value
Unknown

CVE-2017-6810

Disclosure Date: March 11, 2017 (last updated November 26, 2024)
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter).
0
0
Attacker Value
Unknown

CVE-2017-6812

Disclosure Date: March 11, 2017 (last updated November 26, 2024)
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).
0
0
Attacker Value
Unknown

CVE-2017-6808

Disclosure Date: March 11, 2017 (last updated November 26, 2024)
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter).
0
0
Attacker Value
Unknown

CVE-2017-6811

Disclosure Date: March 11, 2017 (last updated November 26, 2024)
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).
0
0
View More Topics  Next >