Skip to main content

Labkey Server

6 CVEs product

Monthly

CVE-2019-9926 HIGH POC This Week

An issue was discovered in LabKey Server 19.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Labkey Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-9758 MEDIUM POC This Month

An issue was discovered in LabKey Server 19.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Labkey Server
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-9757 HIGH POC THREAT This Week

An issue was discovered in LabKey Server 19.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Labkey Server
NVD GitHub
CVSS 3.1
7.5
EPSS
37.3%
CVE-2019-3913 MEDIUM POC This Month

Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Command Injection Labkey Server
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2019-3912 MEDIUM POC This Month

An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Labkey Server
NVD
CVSS 3.1
6.1
EPSS
4.8%
CVE-2019-3911 MEDIUM POC This Month

Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Labkey Server
NVD
CVSS 3.1
6.1
EPSS
3.8%
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered in LabKey Server 19.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Labkey Server
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue was discovered in LabKey Server 19.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Labkey Server
NVD GitHub
EPSS 37% CVSS 7.5
HIGH POC THREAT This Week

An issue was discovered in LabKey Server 19.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Labkey Server
NVD GitHub
EPSS 2% CVSS 4.9
MEDIUM POC This Month

Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Command Injection Labkey Server
NVD
EPSS 5% CVSS 6.1
MEDIUM POC This Month

An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Labkey Server
NVD
EPSS 4% CVSS 6.1
MEDIUM POC This Month

Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Labkey Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy