RSS   Podatności dla 'Publixone'   RSS

2020-10-27
 
CVE-2020-27183

CWE-200
 

 
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.

 
 
CVE-2020-27182

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.

 
 
CVE-2020-27181

CWE-326
 

 
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.

 
 
CVE-2020-27180

CWE-200
 

 
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.

 
 
CVE-2020-27179

CWE-640
 

 
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.

 


Copyright 2024, cxsecurity.com

 

Back to Top