CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Bonitasoft: >> Bonita Web Security Vulnerabilities

CVE-2024-26542

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field.

CVSS Score

6.1

EPSS Score

0.001

Published

2024-02-27

CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions.

CVSS Score

9.8

EPSS Score

0.929

Published

2022-06-02

Page 1

Vulnerabilities

Vulnerable Software

Bonitasoft: >> Bonita Web Security Vulnerabilities

Products

Pricing

Contact Us