RSS   Podatności dla 'Gemini-net'   RSS

2022-06-02
 
CVE-2022-29540

CWE-79
 

 
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,

 
2022-05-12
 
CVE-2022-29539

CWE-20
 

 
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user.

 


Copyright 2024, cxsecurity.com

 

Back to Top