Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-01-29
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-01-29
Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.
CVSS Score
8.4
EPSS Score
0.006
Published
2024-10-07
Teedy v1.11 has a vulnerability in its text editor that allows events
to be executed in HTML tags that an attacker could manipulate. Thanks
to this, it is possible to execute malicious JavaScript in the webapp.
CVSS Score
5.7
EPSS Score
0.001
Published
2023-09-25