Sunbirddcim: community verdicts
4 notable / known-exploited Sunbirddcim CVEs the community has triaged.
- CVE-2024-37775HIGH 7.5Real · low riskEPSS 0%
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.
- CVE-2024-37776MED 4.8EPSS 0%
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.
- CVE-2024-37773MED 4.8EPSS 0%
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.
- CVE-2024-37774HIGH 8Real · low riskEPSS 0%
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.