Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) FreeTAKServer is an An open source server for the TAK family of applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the `addSysteUser` , `file_hash`, `read_yaml_config` methods and `username` parameter. How to fix Cross-site Scripting (XSS)? Upgrade `FreeTAKServer` to version 2.0.21 or higher.	[,2.0.21)
H Use of Hard-coded Credentials FreeTAKServer is an An open source server for the TAK family of applications. Affected versions of this package are vulnerable to Use of Hard-coded Credentials. This package contains a hardcoded Flask secret key that allows attackers to create crafted cookies to bypass authentication or escalate privileges. How to fix Use of Hard-coded Credentials? Upgrade `FreeTAKServer` to version 1.9.8.5 or higher.	[,1.9.8.5)
H Improper Access Control FreeTAKServer is an An open source server for the TAK family of applications. Affected versions of this package are vulnerable to Improper Access Control in the component `/ManageRoute/postRoute` which allows unauthenticated attackers to cause a Denial of Service via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. How to fix Improper Access Control? Upgrade `FreeTAKServer` to version 1.9.8.6 or higher.	[0,1.9.8.6)

Go back to all versions of this package