Vulnerabilities > Syspass

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-03	CVE-2024-42904	Cross-site Scripting vulnerability in Syspass A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php. network low complexity syspass CWE-79	6.1
2023-03-06	CVE-2022-4930	Cross-site Scripting vulnerability in Syspass A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. network low complexity syspass CWE-79	5.4
2017-05-31	CVE-2017-9306	Cross-site Scripting vulnerability in Syspass 2.1.9 inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. network low complexity syspass CWE-79	6.1
2017-03-06	CVE-2017-5999	Inadequate Encryption Strength vulnerability in Syspass 2.0 An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. network low complexity syspass CWE-326	7.5

Vulnerabilities > Syspass {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Syspass"}]}