Skip to main content

Filecatalyst Direct

2 CVEs product

Monthly

CVE-2024-25155 MEDIUM This Month

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Filecatalyst Direct
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25154 MEDIUM This Month

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Filecatalyst Direct
NVD
CVSS 3.1
5.3
EPSS
0.5%
EPSS 0% CVSS 6.1
MEDIUM This Month

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Filecatalyst Direct
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Filecatalyst Direct
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy