An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.
CVSS: 6.1, AI Score: 5.9, EPSS: 0.001
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.
CVSS: 4.3, AI Score: 4.5, EPSS: 0.001
An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.
CVSS: 5.3, AI Score: 5.2, EPSS: 0.001
An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.
CVSS: 5.3, AI Score: 5.2, EPSS: 0.001
An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.
CVSS: 6.1, AI Score: 5.9, EPSS: 0.001
Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.
CVSS: 9.1, AI Score: 9.1, EPSS: 0.002
CVSS: 9.8, AI Score: 9.7, EPSS: 0.002
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
CVSS: 4.3, AI Score: 4.4, EPSS: 0.001
CVSS: 5.3, AI Score: 5.3, EPSS: 0.001