彙總 daloradius 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本與CSRF 等問題,部分漏洞可能導致 工作階段劫持,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-0338 | Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | [email protected] | 6.1 | 0.47% | 2023-01-17 | 2026-06-17 |
| CVE-2023-0337 | Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | [email protected] | 6.1 | 0.47% | 2023-01-17 | 2026-06-17 |
| CVE-2023-0048 | Code Injection in GitHub repository lirantal/daloradius prior to master-branch. | [email protected] | 8.8 | 32.28% | 2023-01-04 | 2026-06-17 |
| CVE-2023-0046 | Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch. | [email protected] | 7.2 | 1.02% | 2023-01-04 | 2026-06-17 |
| CVE-2022-4630 | Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. | [email protected] | 5.3 | 0.63% | 2022-12-21 | 2026-06-17 |
| CVE-2022-4366 | Missing Authorization in GitHub repository lirantal/daloradius prior to master branch. | [email protected] | 7.5 | 0.70% | 2022-12-08 | 2026-06-17 |
| CVE-2022-23475 | daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue with in | [email protected] | 8.8 | 0.45% | 2022-12-06 | 2026-06-17 |