ReportizFlow
Filtered by vendor Userspice
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25349 | 1 Userspice | 1 Userspice | 2026-05-25 | 6.1 Medium |
| userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators visit the audit log page. | ||||
| CVE-2018-25350 | 1 Userspice | 1 Userspice | 2026-05-25 | 9.8 Critical |
| userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system. | ||||
Page 1 of 1.