EUVD-2020-5513

Malware in sbrugna...

EUVD-2020-5512

Malware in sbrugna...

BooleBox Stored Cross-Site Scripting (CVE-2020-13248)

A stored cross-site scripting vulnerability exists in BooleBox. This vulnerability is due to insufficient validation of user avatar json parameter. Successful exploitation could result in execution of arbitrary scripts on the affected system...

Boole Server BooleBox Secure File Sharing Utility Injection Vulnerability

Boole Server BooleBox Secure File Sharing Utility is a file sharing system from Boole Server Italy. The system is mainly used for encrypted file storage and sharing. An injection vulnerability exists in Boole Server BooleBox Secure File Sharing Utility. The vulnerability can be exploited to execu...

CVE-2020-13247

BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...

CVE-2020-13247

BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...

Design/Logic Flaw

BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...

CVE-2020-13247

BooleBox Secure File Sharing Utility (before 4.2.3.0) is affected by two CVEs in the dataset: CVE-2020-13247 enables CSV injection via a crafted username exported from activity logs in Audit Area; CVE-2020-13248 enables stored XSS via a crafted avatar field in My Account JSON data to Account.aspx...

CVE-2020-13247

BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...

CVE-2020-13248

BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx...

CVE-2020-13248

BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx...

Cross site scripting

BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx...

CVE-2020-13248

BooleBox Secure File Sharing Utility pre-4.2.3.0 suffers a stored XSS vulnerability (CVE-2020-13248) in the My Account avatar data sent to Account.aspx. A crafted avatar field can execute scripts in the affected session. Root cause: insufficient validation of the avatar JSON parameter. The CVE en...

CVE-2020-13248

BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx...