Daloradius Security Vulnerabilities

CVE-2022-23475

daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected ...

CVE-2022-4366

Missing Authorization in GitHub repository lirantal/daloradius prior to master branch.

CVE-2022-4630

Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.

CVE-2023-0046

Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.

CVE-2023-0048

Code Injection in GitHub repository lirantal/daloradius prior to master-branch.

CVE-2023-0337

Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.

CVE-2023-0338

Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.