← Back

Tripleplay

tripleplay

Vendor: Uniguest • 7 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-50707
1Uniguest
1Tripleplay
May 28, 2025
Mar 4, 2025
N/A· v4
10.0 CRITICAL· v3
N/A· v2
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request.
CVE-2024-50704
1Uniguest
1Tripleplay
May 28, 2025
Mar 4, 2025
N/A· v4
10.0 CRITICAL· v3
N/A· v2
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.
CVE-2024-50706
1Uniguest
1Tripleplay
May 28, 2025
Mar 4, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database.
CVE-2024-50705
1Uniguest
1Tripleplay
May 21, 2025
Mar 4, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.
CVE-2023-26599
1Uniguest
1Tripleplay
Feb 5, 2025
Apr 19, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.
CVE-2023-25760
1Uniguest
1Tripleplay
Feb 5, 2025
Apr 19, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload
CVE-2023-25759
1Uniguest
1Tripleplay
Feb 5, 2025
Apr 19, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.