18 matches found
EUVD-2019-3948
Malware in sbrugna...
EUVD-2019-3939
Malware in sbrugna...
Centraleyezer Cross-Site Scripting Vulnerability
Centraleyezer is a vulnerability tracking and management platform. The platform is used for vulnerability reporting, prioritization, escalation and tracking of vulnerabilities. A cross-site scripting vulnerability exists in Centraleyezer On Premises that can be exploited by an attacker to execute...
Centraleyezer Cross-Site Scripting Vulnerability (CNVD-2019-42571)
Centraleyezer is a vulnerability tracking and management platform. The platform is used for vulnerability reporting, prioritization, escalation and tracking of vulnerabilities. A cross-site scripting vulnerability exists in Centraleyezer On Premises, which can be exploited by an attacker to uploa...
CVE-2019-12311
Sandline Centraleyezer On Premises allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded...
CVE-2019-12299
Sandline Centraleyezer On Premises allows Stored XSS using HTML entities in the name field of the Category section...
CVE-2019-12271
Sandline Centraleyezer On Premises allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side...
Unrestricted file upload
Sandline Centraleyezer On Premises allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side...
Design/Logic Flaw
Sandline Centraleyezer On Premises allows Stored XSS using HTML entities in the name field of the Category section...
Unrestricted file upload
Sandline Centraleyezer On Premises allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded...
CVE-2019-12311
CVE-2019-12311 affects Sandline Centraleyezer (On Premises). The issue is an unrestricted file upload vulnerability in Centraleyezer that allows uploading an HTML page containing a script, which can be loaded when a victim downloads a CISO Report template, leading to stored XSS. Multiple connecte...
CVE-2019-12299
Sandline Centraleyezer On Premises allows Stored XSS using HTML entities in the name field of the Category section...
CVE-2019-12299
The connected records confirm a Stored XSS vulnerability in Sandline Centraleyezer (On Premises) affecting the Category section’s name field. Root cause: lack of proper validation of client-side data (HTML entities). Impact: client-side code execution. No version-specific affected components or p...
CVE-2019-12271
Sandline Centraleyezer (On Premises) is affected by CVE-2019-12271 due to a lack of server-side enforcement of uploaded filename extensions (adding ".jpg" is not enforced). This enables unrestricted file upload, with the potential for dangerous file types to be uploaded and, per CNVD-2020-03045, p...
CVE-2019-12271
Sandline Centraleyezer On Premises allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side...
Centraleyezer File Upload Vulnerability
Centraleyezer is a vulnerability tracking and management platform. The platform is used for vulnerability reporting, prioritization, escalation and tracking of vulnerabilities. A security vulnerability exists in Centraleyezer. An attacker can exploit the vulnerability to upload dangerous types of...
Centraleyezer Cross-Site Scripting Vulnerability (CNVD-2020-03037)
Centraleyezer is a vulnerability tracking and management platform. The platform is used for vulnerability reporting, prioritization, escalation and tracking of vulnerabilities. A cross-site scripting vulnerability exists in Centraleyezer On Premises. The vulnerability stems from a lack of proper...
Centraleyezer File Upload Vulnerability (CNVD-2020-03038)
Centraleyezer is a vulnerability tracking and management platform. The platform is used for vulnerability reporting, prioritization, escalation and tracking of vulnerabilities. A file upload vulnerability exists in Centraleyezer On Premises. An attacker can exploit this vulnerability to upload HT...