Intumit: >> Smartrobot >> 6.2.0-202303tw Security Vulnerabilities
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-04-14
A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.
CVSS Score
9.3
EPSS Score
0.007
Published
2024-12-26
SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-09-16