Skip to main content

Mobile Application Platform

3 CVEs product

Monthly

CVE-2017-7554 MEDIUM PATCH This Month

It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mobile Application Platform
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7553 MEDIUM This Month

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mobile Application Platform
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2017-7552 CRITICAL Act Now

A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mobile Application Platform
NVD
CVSS 3.0
9.8
EPSS
0.4%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mobile Application Platform
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mobile Application Platform
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mobile Application Platform
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy