Rallly
Monthly
Cross-site scripting (XSS) in lukevella Rallly up to version 4.7.4 allows authenticated users to inject malicious scripts via the redirectTo parameter in the reset password form, affecting the stored XSS vector with user interaction required. The vulnerability has public exploit code available and is mitigated by upgrading to version 4.8.0 or later. Real-world risk is limited by the requirement for authenticated access and user interaction, but the publicly available exploit increases attack feasibility.
Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) in lukevella Rallly up to version 4.7.4 allows authenticated users to inject malicious scripts via the redirectTo parameter in the reset password form, affecting the stored XSS vector with user interaction required. The vulnerability has public exploit code available and is mitigated by upgrading to version 4.8.0 or later. Real-world risk is limited by the requirement for authenticated access and user interaction, but the publicly available exploit increases attack feasibility.
Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rallly is an open-source scheduling and collaboration tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.