Appspace

appspace

6 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-27704 1Appspace 1Appspace Jun 27, 2025 Nov 12, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page.
CVE-2021-27990 1Appspace 1Appspace Nov 21, 2024 Apr 14, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.
CVE-2021-27989 1Appspace 1Appspace Nov 21, 2024 Apr 14, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.
CVE-2021-27670 1Appspace 1Appspace Nov 21, 2024 Feb 25, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
CVE-2021-27564 1Appspace 1Appspace Nov 21, 2024 Feb 22, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group,...Show more A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes.Show less
CVE-2020-5393 1Appspace 1On Prem Nov 21, 2024 Jan 7, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS.