Filigran Opencti vulnerabilities
2 known vulnerabilities affecting filigran/opencti.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2020-37041 | P3 | HIGH | CVSS 7.5 | CWE-22 | v3.3.1 | 2026-01-30
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/pas
nvd
CVE-2020-37044 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v3.3.1 | 2026-01-30
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"-->alert('Raif_Berkay')
nvd