← Back

Mesbook

mesbook

Vendor: Mesbook • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-6427
1Mesbook
1Mesbook
Nov 21, 2024
Jul 3, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the applicati...Show more
Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and disable the application.Show less
CVE-2024-6426
1Mesbook
1Mesbook
Nov 21, 2024
Jul 3, 2024
N/A· v4
7.1 HIGH· v3
N/A· v2
Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which could allow a local attacker, with user privileges, to access different resources by changing the API value of the application.
CVE-2024-6425
1Mesbook
1Mesbook
Oct 22, 2025
Jul 1, 2024
N/A· v4
9.1 CRITICAL· v3
N/A· v2
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" a...Show more
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=<RANDOMUSER>&Password=<PASSWORD>&ConfirmPassword=<PASSWORD-REPEAT>".Show less
CVE-2024-6424
1Mesbook
1Mesbook
Oct 22, 2025
Jul 1, 2024
N/A· v4
8.2 HIGH· v3
N/A· v2
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST"...Show more
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST" to read the source code of web files, read internal files or access network resources.Show less