Freetakserver-ui Project Freetakserver-ui — known CVE vulnerabilities
Every CVE whose affected-product data names Freetakserver-ui Project Freetakserver-ui, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-25510 — CVSS 8.8 (high): FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or…
CVE-2022-25508 — CVSS 7.5 (high): An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial…
CVE-2022-25506 — CVSS 6.5 (medium): FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.
CVE-2022-25511 — CVSS 6.5 (medium): An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files…
CVE-2022-25507 — CVSS 5.4 (medium): FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter.