CVEDB API

Vulnerabilities

Vulnerable Software

Sunbirddcim: >> Dctrack >> 9.1.2 Security Vulnerabilities

CVE-2024-37774

A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.

CVSS Score

8.0

EPSS Score

0.0

Published

2024-12-16

CVE-2024-37775

Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.

CVSS Score

7.5

EPSS Score

0.001

Published

2024-12-16

CVE-2024-37776

A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.

CVSS Score

4.8

EPSS Score

0.001

Published

2024-12-16

CVE-2024-37773

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.

CVSS Score

4.8

EPSS Score

0.001

Published

2024-12-16

Page 1

Vulnerabilities

Vulnerable Software

Sunbirddcim: >> Dctrack >> 9.1.2 Security Vulnerabilities

Products

Pricing

Contact Us