Filtered by vendor Uniguest Subscriptions
Filtered by product Tripleplay Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-26599 1 Uniguest 1 Tripleplay 2024-11-21 6.1 Medium
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.
CVE-2023-25760 1 Uniguest 1 Tripleplay 2024-11-21 8.8 High
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload
CVE-2023-25759 1 Uniguest 1 Tripleplay 2024-11-21 5.4 Medium
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.