CVE-2024-57386

Medium CVSS: 6.1

Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.

Vendor

Product

CWE

Yayın Tarihi

2025-01-23 22:15:15

Güncelleme

2025-01-31 16:13:06

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Wallos MEDIUM Wallosapp 2025

https://github.com/PawaritSanguanpang/CVEs/tree/main/Wallos/CVE-2024-57386

Medium

CVE-2026-33417

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in…

High

CVE-2026-33399

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in v…

Medium

CVE-2026-33400

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scrip…

High

CVE-2026-33401

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in c…

High

CVE-2026-33407

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/se…

Medium

CVE-2026-30839

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.…