RSS   Vulnerabilities for 'Trixbox'   RSS

2018-02-15
 
CVE-2017-14537

CWE-22
 

 
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

 
 
CVE-2017-14536

CWE-79
 

 
trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.

 
 
CVE-2017-14535

CWE-78
 

 
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

 


Copyright 2022, cxsecurity.com

 

Back to Top