Vulnerabilities > Syspass > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-03 | CVE-2024-42904 | Cross-site Scripting vulnerability in Syspass A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php. | 6.1 |
| 2023-03-06 | CVE-2022-4930 | Cross-site Scripting vulnerability in Syspass A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. | 5.4 |
| 2017-05-31 | CVE-2017-9306 | Cross-site Scripting vulnerability in Syspass 2.1.9 inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. | 6.1 |