CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5174 – Broken Authentication in Gliffy
https://notcve.org/view.php?id=CVE-2024-5174
24 Feb 2025 — A flaw in Gliffy results in broken authentication through the reset functionality of the application. • https://portal.perforce.com/s/detail/a91PA000001ScD3YAK • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7141 – CSRF in Gliffy
https://notcve.org/view.php?id=CVE-2024-7141
20 Feb 2025 — Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw. • https://portal.perforce.com/s/detail/a91PA000001Sc8DYAS • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10315 – Insecure Configuration in Gliffy Online
https://notcve.org/view.php?id=CVE-2024-10315
11 Nov 2024 — In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6 In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD. • https://portal.perforce.com/s/detail/a91PA000001SZVJYA4 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 9.1EPSS: 1%CPEs: 29EXPL: 0CVE-2012-2928
https://notcve.org/view.php?id=CVE-2012-2928
22 May 2012 — The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. El complemento Gliffy para Atlassian JIRA v3.7.1, y en version anteriores ala v4.2 para Atlassian Confluence, no restringe correctamente las capacidades de los analizadores XML de tercer nivel, lo que permite leer fic... • http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 • CWE-264: Permissions, Privileges, and Access Controls •