RSS   Vulnerabilities for 'Storegrid'   RSS

2019-02-23
 
CVE-2014-10079

CWE-200
 

 
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.

 
 
CVE-2014-10078

CWE-79
 

 
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.

 

 >>> Vendor: Vembu 3 Products
Storegrid
Bdr suite
Offsite dr


Copyright 2024, cxsecurity.com

 

Back to Top