Terminalfour: Security Vulnerabilities
A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-08-15
An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview.
CVSS Score
6.3
EPSS Score
0.003
Published
2024-02-21
In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-16
The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-04-12
Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-05-16