
45 matches found

Prion • added 2020/06/04 4:15 p.m. • 12 views

Cross site scripting

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...

CVSS 4.3, AI score 5.8, EPSS 0.01086
Exploits: 2, References: 1, Affected Software: 1
Cvelist • added 2020/06/04 3:30 p.m. • 25 views

CVE-2019-16384

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...

AI score 6.5, EPSS 0.01086
Exploits: 1, References: 1
CVE • added 2020/06/04 3:30 p.m. • 60 views

CVE-2019-16384

CVE-2019-16384 affects Cybele Software Thinfinity VirtualUI (version 2.5.17.2). The vulnerability is a path traversal flaw that allows accessing files outside the web directory if the attacker knows the exact location and has permissions. Root cause described as improper filtering of path element...

CVSS 6.5, AI score 6.5, EPSS 0.01086
Exploits: 1, References: 1, Affected Software: 1
Cvelist • added 2020/06/04 3:29 p.m. • 23 views

CVE-2019-16385

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...

AI score 6, EPSS 0.01086
Exploits: 2, References: 1
CVE • added 2020/06/04 3:29 p.m. • 60 views

CVE-2019-16385

Cybele Thinfinity VirtualUI 2.5.17.2 is affected by CVE-2019-16385 due to an HTTP response splitting flaw via the mimetype parameter in a PDF viewer request, enabling a reflected XSS when a user loads a malicious PDF request (example.pdf?mimetype=...). Red Hat advisory RH:CVE-2019-16385 corrobora...

CVSS 6.1, AI score 5.8, EPSS 0.008
Exploits: 1, References: 1, Affected Software: 1