Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

SicuroWeb (Sicuro24)

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-41468
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.08% / 24.19%
||
7 Day CHG+0.01%
Published-22 Apr, 2026 | 18:04
Updated-22 Apr, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction.

Action-Not Available
Vendor-Beghelli
Product-SicuroWeb (Sicuro24)
CWE ID-CWE-1104
Use of Unmaintained Third Party Components
CVE-2026-41469
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 9.70%
||
7 Day CHG+0.01%
Published-22 Apr, 2026 | 18:04
Updated-22 Apr, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Beghelli Sicuro24 SicuroWeb Missing Content Security Policy

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP removes the browser-enforced restriction that would otherwise block external script execution, enabling attackers to load arbitrary remote payloads into operator browser sessions.

Action-Not Available
Vendor-Beghelli
Product-SicuroWeb (Sicuro24)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-22191
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 0.70%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 01:18
Updated-22 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Beghelli Sicuro24 SicuroWeb AngularJS Template Injection

Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, with network-adjacent attackers able to deliver payloads via MITM injection in plaintext HTTP deployments.

Action-Not Available
Vendor-gvectorsBeghelli
Product-wpdiscuzSicuroWeb (Sicuro24)
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine