Vulnerabilities > Strangebee

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-19	CVE-2024-22876	Cross-site Scripting vulnerability in Strangebee Thehive StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. network low complexity strangebee CWE-79	5.4
2024-01-19	CVE-2024-22877	Cross-site Scripting vulnerability in Strangebee Thehive 5.2.0/5.2.8 StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. network low complexity strangebee CWE-79	5.4
2023-09-11	CVE-2023-39069	Improper Authentication vulnerability in Strangebee Cortex and Thehive An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. network low complexity strangebee CWE-287 critical	9.8
2019-06-02	CVE-2017-18376	Permissions, Privileges, and Access Controls vulnerability in Strangebee Thehive An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. network low complexity strangebee CWE-264	8.8

Vulnerabilities > Strangebee {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Strangebee"}]}