
CVE-2023-50712 – Improper Neutralization of Alternate XSS Syntax in iris-web
https://notcve.org/view.php?id=CVE-2023-50712
22 Dec 2023 — Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activitie... • https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-87: Improper Neutralization of Alternate XSS Syntax •

CVE-2023-30615 – Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web
https://notcve.org/view.php?id=CVE-2023-30615
25 May 2023 — Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker needs to be authenticated on... • https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2021-23772 – Arbitrary File Write
https://notcve.org/view.php?id=CVE-2021-23772
24 Dec 2021 — This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder. • https://github.com/kataras/iris/commit/e213dba0d32ff66653e0ef124bc5088817264b08 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2001-0184 – eEye Digital Security IRIS 1.0.1 - GET Denial of Service
https://notcve.org/view.php?id=CVE-2001-0184
09 Mar 2001 — eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet. • https://www.exploit-db.com/exploits/20589 •

CVE-2000-0734 – eEye Digital Security IRIS 1.0.1 / SpyNet CaptureNet 3.0.12 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-0734
21 Sep 2000 — eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections. • https://www.exploit-db.com/exploits/20184 •