Publixone Security Vulnerabilities

CVE-2020-27180

konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID...

CVE-2020-27179

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset...

CVE-2020-27182

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login...

CVE-2020-27183

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other...

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration...