4 matches found
Cybele Software Thinfinity VirtualUI Path Traversal Vulnerability
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software that supports embedding remote Windows applications into standard Web applications, allowing two-way interaction with Javascript programming. A path traversal vulnerability exists in Cybele Software Thinfinity VirtualUI versi...
Cybele Software Thinfinity VirtualUI Cross-Site Scripting Vulnerability
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software that supports embedding remote Windows applications into standard Web applications, allowing two-way interaction with Javascript programming. A cross-site scripting vulnerability exists in Cybele Software Thinfinity VirtualUI...
CVE-2019-16384
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 is affected by CVE-2019-16385 due to an HTTP response splitting flaw via the mimetype parameter in a PDF viewer request, enabling a reflected XSS when a user loads a malicious PDF request (example.pdf?mimetype=...). Red Hat advisory RH:CVE-2019-16385 corrobora...