Ordat: community verdicts
3 notable / known-exploited Ordat CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Ordat CVE, see NVD ↗.
- CVE-2024-34334HIGH 7.5Real · low riskEPSS 0%
ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.
- CVE-2024-34336MED 5.3EPSS 0%
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.
- CVE-2024-34335MED 6.1EPSS 0%
ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.