Skip to main content

Tripleplay

7 CVEs product

Monthly

CVE-2024-50707 CRITICAL Act Now

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Tripleplay
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-50704 CRITICAL Act Now

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Tripleplay
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2024-50706 CRITICAL Act Now

Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Tripleplay
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-50705 HIGH This Week

Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter. Rated high severity (CVSS 7.1). No vendor patch available.

CSRF XSS Tripleplay
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2023-26599 MEDIUM This Month

XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tripleplay
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25760 HIGH This Week

Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tripleplay
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-25759 MEDIUM This Month

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tripleplay
NVD
CVSS 3.1
5.4
EPSS
0.9%
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Tripleplay
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Tripleplay
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Tripleplay
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter. Rated high severity (CVSS 7.1). No vendor patch available.

CSRF XSS Tripleplay
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tripleplay
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tripleplay
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tripleplay
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy