Vulnerabilities (CVE)

Filtered by vendor Strangebee Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-22877 1 Strangebee 1 Thehive 2024-11-21 N/A 5.4 MEDIUM
StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened.
CVE-2024-22876 1 Strangebee 1 Thehive 2024-11-21 N/A 5.4 MEDIUM
StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator.
CVE-2023-39069 1 Strangebee 2 Cortex, Thehive 2024-11-21 N/A 9.8 CRITICAL
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.
CVE-2017-18376 1 Strangebee 1 Thehive 2024-11-21 6.5 MEDIUM 8.8 HIGH
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.