daloradius CVE 脆弱性と CVE 一覧（7）

製品（CPE）: — CVE 件数: 7

daloradius 脆弱性概要

daloradius 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk cross-site scripting and vendor risk csrf などに関し、一部は vendor impact session compromise を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移（直近24か月）

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2023-0338	Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.	[email protected]	6.1	0.23%	2023-01-17	2024-11-21
CVE-2023-0337	Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.	[email protected]	6.1	0.23%	2023-01-17	2024-11-21
CVE-2023-0048	Code Injection in GitHub repository lirantal/daloradius prior to master-branch.	[email protected]	8.8	2.16%	2023-01-04	2024-11-21
CVE-2023-0046	Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.	[email protected]	7.2	0.42%	2023-01-04	2024-11-21
CVE-2022-4630	Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.	[email protected]	5.3	0.19%	2022-12-21	2024-11-21
CVE-2022-4366	Missing Authorization in GitHub repository lirantal/daloradius prior to master branch.	[email protected]	7.5	0.30%	2022-12-08	2024-11-21
CVE-2022-23475	daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue with in	[email protected]	8.8	0.14%	2022-12-06	2024-11-21

cvelogic Threat Intelligence