5 matches found
CVE-2018-19555
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password...
Default credentials
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password...
TELEPORT Cross-Site Scripting Vulnerability
tp4a TELEPORT is a bastion system. The system supports hopping and management of RDP and SSH protocols. A cross-site scripting vulnerability exists in tp4a TELEPORT version 3.1.0, which stems from the program failing to properly handle specially crafted usernames. A remote attacker can exploit th...
Cross site scripting
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log...
CVE-2018-19301
CVE-2018-19301 affects tp4a TELEPORT 3.1.0 and is an XSS vulnerability: a crafted username mishandled on the login page can be reflected when an administrator later views the system log. Multiple sources (NVD entry, CNVD/CVEs) describe the issue as a cross-site scripting flaw in the login flow, t...