136 matches found
CVE-2019-15491
openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21...
Server side request forgery (ssrf)
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21...
Session fixation
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21...
Cross site request forgery (csrf)
openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21...
Code injection
openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21...
Cross site scripting
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21...
CVE-2019-15494
OpenITCOCKPIT before version 3.7.1 is affected by an SSRF vulnerability (CVE-2019-15494). The issue arises in the affected component/functionality as described in the sources, with a fixed release available as openITCOCKPIT-3.7.1. The connected documents confirm the vulnerability and the remediat...
CVE-2019-15494
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21...
CVE-2019-15493
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21...
CVE-2019-15493
openITCOCKPIT prior to 3.7.1 is affected by CVE-2019-15493, allowing deletion of files (RVID 4-445b21). The connected documents confirm the vulnerable platform and impact, but do not provide deeper root-cause details. A patched release, 3.7.1 (tag openITCOCKPIT-3.7.1), is available as remediation...
CVE-2019-15492
OpenITCOCKPIT is affected by CVE-2019-15492: before version 3.7.1 it is vulnerable to reflected XSS (RVID 3-445b21). Impact described as cross-site scripting could allow an attacker to execute client-side code in the context of an authenticated user. The public references indicate a fixed release...
CVE-2019-15492
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21...
CVE-2019-15491
openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21...
CVE-2019-15491
OpenITCOCKPIT vulnerable before 3.7.1 due to a Cross-Site Request Forgery (CSRF) flaw (RVID 2-445b21). The issue affects the ability of an attacker to induce unintended requests from a logged-in user. Publicly documented impact is CSRF with implications for authenticated operations; CVSS data in ...
CVE-2019-15490
OpenITCOCKPIT prior to version 3.7.1 is vulnerable to a code-injection flaw. The root cause, as described across multiple sources, is external/input data being used to construct code segments without proper filtering, which can alter execution flow. This vulnerability is associated with versions ...
CVE-2019-15490
openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21...