805 matches found
CVE-2024-3796
CVE-2024-3796 affects WBSAirback 21.02.04 with a stored XSS in the /admin/BackupSchedule endpoint (description field). A remote attacker could send a crafted URL to steal session data. Exploitation details are not confirmed in all sources, but PT-2024-27865 recommends disabling access to the /adm...
CVE-2024-3795 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-3795 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-3795
WBSAirback 21.02.04 is affected by a stored XSS vulnerability in the /admin/BackupTemplate endpoint, specifically in the name and description fields. The vulnerability could let an attacker craft a URL to execute script in a victim’s browser and potentially steal session data. Affected software/c...
CVE-2024-3794 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-3794
CVE-2024-3794 affects WBSAirback 21.02.04 with a stored XSS vulnerability in the /admin/AdvancedSystem endpoint (description field, all parameters). The issue could allow a remote attacker to craft a URL to steal session data. No patch/version details are provided in the documents; a PT-2024-2784...
CVE-2024-3793 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...
CVE-2024-3793
WBSAirback 21.02.04 is affected by a stored XSS via the /admin/CloudAccounts endpoint, impacting fields such as account name, user password, and server in multiple parameters. An attacker could deliver a crafted URL to harvest session data. Remediation guidance from PT Security suggests disabling...
CVE-2024-3793 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...
CVE-2024-3792 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session dat...
CVE-2024-3792 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session dat...
CVE-2024-3791 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim an...
CVE-2024-3791 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim an...
CVE-2024-3791
WBSAirback (version 21.02.04) contains a stored XSS in /admin/SystemConfiguration, affecting the name, free memory limit fields, and type/password parameters. Exploitation could allow a remote attacker to craft a URL that steals session data. The PT-2024-27822 entry provides concrete details of t...
CVE-2024-3790 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their...
CVE-2024-3790 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their...
CVE-2024-3790
Summary : CVE-2024-3790 affects WBSAirback 21.02.04 via a stored XSS flaw exposed at the /admin/SystemUsers endpoint, specifically in the login, description fields, and the passwd1/passwd2 parameters. The vulnerability could allow a remote attacker to deliver a crafted URL that steals session dat...
PT-2024-27865 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue is a stored Cross-Site Scripting XSS vulnerability that occurs through the "/admin/BackupSchedule" endpoint, specifically in the description field. This could allow a remote user to send a...
PT-2024-27835 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue is a stored Cross-Site Scripting XSS vulnerability. It occurs through the "/admin/CloudAccounts" API endpoint, specifically in the account name, user password, and server fields, affecting al...
PT-2024-27817 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue is a stored Cross-Site Scripting XSS vulnerability. It occurs through the /admin/SystemUsers endpoint, specifically in the login and description fields, and the passwd1 and passwd2 parameters...