Vulnerabilities > Appspace > Appspace
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-14 | CVE-2021-27990 | Improper Authentication vulnerability in Appspace 6.2.4 Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. | 7.5 |
| 2021-04-14 | CVE-2021-27989 | Cross-site Scripting vulnerability in Appspace 6.2.4 Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. | 5.4 |
| 2021-02-25 | CVE-2021-27670 | Server-Side Request Forgery (SSRF) vulnerability in Appspace 6.2.4 Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. | 9.8 |
| 2021-02-22 | CVE-2021-27564 | Cross-site Scripting vulnerability in Appspace 6.2.4 A stored XSS issue exists in Appspace 6.2.4. | 5.4 |