Vulnerabilities > Uniguest
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-19 | CVE-2023-25759 | OS Command Injection vulnerability in Uniguest Tripleplay 3.4.0 OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload. | 5.4 |
| 2023-04-19 | CVE-2023-25760 | Insufficiently Protected Credentials vulnerability in Uniguest Tripleplay 3.4.0 Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload | 8.8 |
| 2023-04-19 | CVE-2023-26599 | Cross-site Scripting vulnerability in Uniguest Tripleplay 3.4.0 XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. | 6.1 |