Filtered by vendor Gladysassistant
Subscriptions
Filtered by product Gladys Assistant
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47210 | 1 Gladysassistant | 1 Gladys Assistant | 2024-09-26 | 8.8 High |
| Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js. | ||||
| CVE-2023-43256 | 1 Gladysassistant | 1 Gladys Assistant | 2024-09-24 | 6.5 Medium |
| A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. | ||||
| CVE-2023-47440 | 1 Gladysassistant | 1 Gladys Assistant | 2024-08-02 | 6.5 Medium |
| Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine. | ||||
Page 1 of 1.