Allegra
Monthly
Cross-site scripting in Allegra's downloadAttachment method enables authenticated remote attackers to inject and execute arbitrary JavaScript within a victim user's browser session. Exploitation requires an authenticated low-privilege attacker account and mandatory victim interaction - the target must visit a malicious page or open a crafted file - limiting the realistic attack surface. Reported by Zero Day Initiative (ZDI-CAN-28236 / ZDI-26-358), patched in Allegra 9.0.0. No public exploit code and no active exploitation (CISA KEV) identified at time of analysis.
Directory traversal in Allegra's exportReport method exposes arbitrary server-side files to authenticated remote attackers, operating in the context of the underlying service account. The flaw affects all tracked versions per the CPE wildcard (cpe:2.3:a:allegra:allegra:*), with Alltena's 9.0.0 release notes referencing the fix. No public exploit code or CISA KEV listing has been identified at time of analysis, and no EPSS data was provided, but the CVSS 6.5 rating reflects a meaningful confidentiality risk for any internet-facing Allegra deployment where user accounts may be broadly provisioned.
Allegra project tracking software contains an authentication bypass in the password recovery token generation. Unauthenticated remote attackers can calculate the token expiration date and generate valid password reset tokens, allowing them to reset any user's password including administrators.
Directory traversal vulnerability in Allegra's extractFileFromZip method that allows authenticated attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient path validation, enabling remote code execution in the context of the running process. With a CVSS score of 8.8 and requiring only low-privilege authentication, this represents a significant risk to Allegra deployments, though exploitation requires prior authenticated access.
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting in Allegra's downloadAttachment method enables authenticated remote attackers to inject and execute arbitrary JavaScript within a victim user's browser session. Exploitation requires an authenticated low-privilege attacker account and mandatory victim interaction - the target must visit a malicious page or open a crafted file - limiting the realistic attack surface. Reported by Zero Day Initiative (ZDI-CAN-28236 / ZDI-26-358), patched in Allegra 9.0.0. No public exploit code and no active exploitation (CISA KEV) identified at time of analysis.
Directory traversal in Allegra's exportReport method exposes arbitrary server-side files to authenticated remote attackers, operating in the context of the underlying service account. The flaw affects all tracked versions per the CPE wildcard (cpe:2.3:a:allegra:allegra:*), with Alltena's 9.0.0 release notes referencing the fix. No public exploit code or CISA KEV listing has been identified at time of analysis, and no EPSS data was provided, but the CVSS 6.5 rating reflects a meaningful confidentiality risk for any internet-facing Allegra deployment where user accounts may be broadly provisioned.
Allegra project tracking software contains an authentication bypass in the password recovery token generation. Unauthenticated remote attackers can calculate the token expiration date and generate valid password reset tokens, allowing them to reset any user's password including administrators.
Directory traversal vulnerability in Allegra's extractFileFromZip method that allows authenticated attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient path validation, enabling remote code execution in the context of the running process. With a CVSS score of 8.8 and requiring only low-privilege authentication, this represents a significant risk to Allegra deployments, though exploitation requires prior authenticated access.
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.