Vulnerabilities (CVE)

Filtered by vendor Uniguest Subscribe
Filtered by product Tripleplay
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26599 1 Uniguest 1 Tripleplay 2024-11-21 N/A 6.1 MEDIUM
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.
CVE-2023-25760 1 Uniguest 1 Tripleplay 2024-11-21 N/A 8.8 HIGH
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload
CVE-2023-25759 1 Uniguest 1 Tripleplay 2024-11-21 N/A 5.4 MEDIUM
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.