本頁列出影響 sunbirddcim dctrack 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-37776 | A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens. | [email protected] | 4.8 | 0.29% | 2024-12-16 | 2026-06-17 |
| CVE-2024-37775 | Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check. | [email protected] | 7.5 | 0.44% | 2024-12-16 | 2026-06-17 |
| CVE-2024-37774 | A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens. | [email protected] | 8.0 | 0.19% | 2024-12-16 | 2026-06-17 |
| CVE-2024-37773 | An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen. | [email protected] | 4.8 | 0.17% | 2024-12-16 | 2026-06-17 |