Aggregates CVE and security vulnerability intelligence across all mesbook-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk ssrf and vendor risk path handling, with potential vendor impact file overwrite across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-6427 | Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and disable the application. | [email protected] | 7.5 | 0.62% | 2024-07-03 | 2026-06-17 |
| CVE-2024-6426 | Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which could allow a local attacker, with user privileges, to access different resources by changing the API value of the application. | [email protected] | 8.1 | 0.30% | 2024-07-03 | 2026-06-17 |
| CVE-2024-6425 | Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=<RANDOMUSER>&Password=<PASSWORD>&ConfirmPassword=<PASSWORD-REPEAT>". | [email protected] | 9.1 | 0.55% | 2024-07-01 | 2026-06-17 |
| CVE-2024-6424 | External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST" to read the source code of web files, read internal files or access network resources. | [email protected] | 9.3 | 0.49% | 2024-07-01 | 2026-06-17 |