CVE-2023-50712 – Improper Neutralization of Alternate XSS Syntax in iris-web
https://notcve.org/view.php?id=CVE-2023-50712
Iris is a web collaborative platform that aims to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability.
References:
https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7
https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p
Weaknesses: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-87: Improper Neutralization of Alternate XSS Syntax
CVE-2023-30615 – Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web
https://notcve.org/view.php?id=CVE-2023-30615
Iris is a web collaborative platform that aims to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability.
References:
https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1
https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49
Weaknesses: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2021-23772 – Arbitrary File Write
https://notcve.org/view.php?id=CVE-2021-23772
This affects all versions of package github.com/kataras/iris and all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using the UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.
References:
https://github.com/kataras/iris/commit/e213dba0d32ff66653e0ef124bc5088817264b08
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMKATARASIRIS-2325169
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMKATARASIRISV12-2325170
Weaknesses: CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2001-0184 – eEye Digital Security IRIS 1.0.1 - GET Denial of Service
https://notcve.org/view.php?id=CVE-2001-0184
eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet.
References:
https://www.exploit-db.com/exploits/20589
http://archives.neohapsis.com/archives/bugtraq/2001-01/0343.html
http://archives.neohapsis.com/archives/bugtraq/2001-01/0352.html
http://www.securityfocus.com/bid/2278
https://exchange.xforce.ibmcloud.com/vulnerabilities/5981
CVE-2000-0734 – eEye Digital Security IRIS 1.0.1 / SpyNet CaptureNet 3.0.12 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-0734
eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections.
References:
https://www.exploit-db.com/exploits/20184
http://marc.info/?l=bugtraq&m=96774637326591&w=2
http://www.securityfocus.com/bid/1627