Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel.
Max CVSS: N/A
EPSS Score: 0.04%
Published: 2024-03-31
Updated: 2024-04-01

Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
Max CVSS: 6.1
EPSS Score: 0.17%
Published: 2018-02-28
Updated: 2019-04-30

Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
Max CVSS: 5.0
EPSS Score: 74.71%
Published: 2015-06-18
Updated: 2018-10-09

3 vulnerabilities found