Every CVE whose affected-product data names If-me Ifme, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2021-25992 — CVSS 9.8 (critical): In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it…
CVE-2021-25991 — CVSS 5.7 (medium): In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves…
CVE-2021-25988 — CVSS 5.4 (medium): In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly…
CVE-2021-25989 — CVSS 5.4 (medium): In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by…
CVE-2021-25990 — CVSS 5.4 (medium): In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads…