Skip to main content

Appspace

4 CVEs product

Monthly

CVE-2021-27990 HIGH POC This Week

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Appspace
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27989 MEDIUM POC This Month

Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appspace
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27670 CRITICAL POC THREAT Act Now

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Appspace
NVD GitHub
CVSS 3.1
9.8
EPSS
61.3%
CVE-2021-27564 MEDIUM POC This Month

A stored XSS issue exists in Appspace 6.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appspace
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
EPSS 1% CVSS 7.5
HIGH POC This Week

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Appspace
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appspace
NVD GitHub
EPSS 61% CVSS 9.8
CRITICAL POC THREAT Act Now

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Appspace
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored XSS issue exists in Appspace 6.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appspace
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy