CVEDB API

Vulnerabilities

Vulnerable Software

Sherparpa: >> Sherpa Orchestrator >> 141851 Security Vulnerabilities

CVE-2025-46545

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.

CVSS Score

4.4

EPSS Score

0.0

Published

2025-04-25

CVE-2025-46546

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.

CVSS Score

3.5

EPSS Score

0.001

Published

2025-04-25

CVE-2025-46547

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

CVSS Score

5.4

EPSS Score

0.0

Published

2025-04-25

CVE-2025-46544

In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.

CVSS Score

6.4

EPSS Score

0.001

Published

2025-04-25

Page 1

Vulnerabilities

Vulnerable Software

Sherparpa: >> Sherpa Orchestrator >> 141851 Security Vulnerabilities

Products

Pricing

Contact Us