7 matches found
CVE-2018-13359
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter...
Code injection
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter...
Cross site scripting
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter...
CVE-2018-13359
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter...
CVE-2018-13361
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter...
CVE-2018-13361
CVE-2018-13361 affects TerraMaster TOS version 3.1.03 (and related entries) via the endpoint in usertable.php , where the modgroup parameter enables an attacker to enumerate all system users. The vulnerability is described as allowing user listing, with no explicit exploitation details provided i...
CVE-2018-13359
TerraMaster TOS 3.1.03 is affected by a cross-site scripting vulnerability in usertable.php via the modgroup parameter, enabling attacker-supplied JavaScript. NVD lists CVE-2018-13359 with CVSS v3 base score 8.8 (HIGH): NETWORK vector, LOW complexity, NONE privileges, UI required, and HIGH impact...