Search Results | AttackerKB

4 Total Results

Displaying 1-4 of 4

Attacker Value

Unknown

CVE-2024-37847

Disclosure Date: October 25, 2024 (last updated February 26, 2025)

An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.

Attacker Value

Unknown

CVE-2024-37846

Disclosure Date: October 25, 2024 (last updated February 26, 2025)

MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.

Attack Vector: Network Privileges: Low User Interaction: Required

Attacker Value

Unknown

CVE-2024-37845

Disclosure Date: October 25, 2024 (last updated February 26, 2025)

MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.

Attack Vector: Network Privileges: High User Interaction: None

Attacker Value

Unknown

CVE-2024-37844

Disclosure Date: October 25, 2024 (last updated February 26, 2025)

A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Attack Vector: Network Privileges: Low User Interaction: Required

4 Total Results

Displaying 1-4 of 4

Unknown

CVE-2024-37847

Unknown

CVE-2024-37846

Unknown

CVE-2024-37845

Unknown

CVE-2024-37844

Quick Cookie Notification