Kostasmitroglou: >> Thesystem >> 1.0.0 Security Vulnerabilities
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.
CVSS Score
9.8
EPSS Score
0.034
Published
2026-02-20
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-02-11