MidnightBSD

Advisories for radixiot

CVE-2024-37844

A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Products Affected

Vendor Product Version
radixiot mango *
CVE-2024-37846

MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.

Products Affected

Vendor Product Version
radixiot mango *
CVE-2024-37847

An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.

Products Affected

Vendor Product Version
radixiot mangoapi *
radixiot mango *