Skip to main content

Konga

3 CVEs product

Monthly

CVE-2024-34243 npm MEDIUM POC This Month

Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Konga
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39846 CRITICAL POC Act Now

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Konga
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26987 MEDIUM POC This Month

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Konga
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Konga
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Konga
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Konga
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy