RSS   Podatności dla 'Centraleyezer'   RSS

2019-11-18
 
CVE-2019-12311

CWE-79
 

 
Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded.

 
 
CVE-2019-12299

CWE-79
 

 
Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section.

 
 
CVE-2019-12271

CWE-434
 

 
Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side.

 


Copyright 2024, cxsecurity.com

 

Back to Top