Skip to main content

Terminalfour

6 CVEs product

Monthly

CVE-2025-58386 CRITICAL Act Now

In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new lower-privileged account and escalate its privileges. While manipulating this request, the Power User can also change the target account's password, effectively taking full control of it.

Authentication Bypass Terminalfour
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-22217 MEDIUM This Month

A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Terminalfour
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-22220 MEDIUM This Month

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Formbank Terminalfour
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-29484 MEDIUM PATCH This Month

In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Terminalfour
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-23591 MEDIUM This Month

The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Terminalfour
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-30770 MEDIUM POC This Month

Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terminalfour
NVD
CVSS 3.1
6.1
EPSS
1.0%
EPSS 0% CVSS 9.8
CRITICAL Act Now

In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new lower-privileged account and escalate its privileges. While manipulating this request, the Power User can also change the target account's password, effectively taking full control of it.

Authentication Bypass Terminalfour
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Terminalfour
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Formbank Terminalfour
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Terminalfour
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Terminalfour
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terminalfour
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy