MidnightBSD

Advisories for tp4a

CVE-2018-19301 MEDIUM

tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp4a teleport 3.1.0
CVE-2018-19555 MEDIUM

tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
tp4a teleport 3.1.0