Uniguest Tripleplay
7 CVEs affecting Uniguest Tripleplay. Latest disclosed: 2025-03-04. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-50707 | Critical | 10.0 | 2025-03-04 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-… |
CVE-2024-50704 | Critical | 10.0 | 2025-03-04 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially craf… |
CVE-2024-50706 | Critical | 9.8 | 2025-03-04 | Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend databa… |
CVE-2023-25760 | High | 8.8 | 2023-04-19 | Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request… |
CVE-2024-50705 | High | 7.1 | 2025-03-04 | Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts vi… |
CVE-2023-26599 | Medium | 6.1 | 2023-04-19 | XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated u… |
CVE-2023-25759 | Medium | 5.4 | 2023-04-19 | OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS le… |