RSS   Podatności dla 'Business manager'   RSS

2009-02-23
 
CVE-2009-0700

CWE-264
 

 
Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp.

 
 
CVE-2009-0699

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.

 


Copyright 2024, cxsecurity.com

 

Back to Top