Cerebrate Project

cerebrate-project

9 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-41908 1Cerebrate Project 1Cerebrate Nov 21, 2024 Sep 5, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Cerebrate before 1.15 lacks the Secure attribute for the session cookie.
CVE-2023-41363 1Cerebrate Project 1Cerebrate Nov 21, 2024 Aug 29, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
CVE-2023-28883 1Cerebrate Project 1Cerebrate Feb 19, 2025 Mar 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.
CVE-2023-26468 1Cerebrate Project 1Cerebrate Nov 21, 2024 Feb 24, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.
CVE-2022-25321 1Cerebrate Project 1Cerebrate Nov 21, 2024 Feb 18, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.
CVE-2022-25320 1Cerebrate Project 1Cerebrate Nov 21, 2024 Feb 18, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.
CVE-2022-25319 1Cerebrate Project 1Cerebrate Nov 21, 2024 Feb 18, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.
CVE-2022-25318 1Cerebrate Project 1Cerebrate Nov 21, 2024 Feb 18, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.
CVE-2022-25317 1Cerebrate Project 1Cerebrate Nov 21, 2024 Feb 18, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.