Vulnerabilities in Sherpa
4 results

CVE-2025-46546 (LOW, EPSS 0.3%)
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asse

CVE-2025-46544 (MEDIUM, EPSS 0.2%)
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.

CVE-2025-46545 (MEDIUM, EPSS 0.2%)
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through t

CVE-2025-46547 (MEDIUM, EPSS 0.1%)
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting X