This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Count
Product: Countly Server
Version: *
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2022-05-17
Last view: 2023-02-20
 
CPE Product cpe:2.3:a:count:countly_server

Related : CVE

  Date Alert Description
9 2023-02-20 CVE-2021-32852

Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.

8.1 2022-05-17 CVE-2022-29174

countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this information to reset the password and take over the account. The problem has been patched in Countly Server version 22.03.7 for servers using the new user interface and in 21.11.4 for servers using the old user interface.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-640 Weak Password Recovery Mechanism for Forgotten Password
50% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')