Appsmith
Monthly
Appsmith platform prior to version 1.96 has a critical stored XSS enabling account takeover through crafted admin panel content.
Appsmith platform version 1.94 and below has a missing authorization vulnerability that allows unauthenticated access to publicly deployed applications' internal APIs.
Appsmith before 1.93 allows attackers to control the Origin header value used as the base URL in password reset and email verification links. Attackers can redirect authentication tokens to their domain, enabling account takeover. PoC available, patch available.
An issue was discovered in Appsmith before 1.51. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 67.3% and no vendor patch available.
An issue was discovered in Appsmith before 1.51. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.2%.
Appsmith is a platform to build admin panels, internal tools, and dashboards. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Appsmith platform prior to version 1.96 has a critical stored XSS enabling account takeover through crafted admin panel content.
Appsmith platform version 1.94 and below has a missing authorization vulnerability that allows unauthenticated access to publicly deployed applications' internal APIs.
Appsmith before 1.93 allows attackers to control the Origin header value used as the base URL in password reset and email verification links. Attackers can redirect authentication tokens to their domain, enabling account takeover. PoC available, patch available.
An issue was discovered in Appsmith before 1.51. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 67.3% and no vendor patch available.
An issue was discovered in Appsmith before 1.51. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.2%.
Appsmith is a platform to build admin panels, internal tools, and dashboards. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.