4 matches found
CVE-2016-5073
CloudView NMS (before 2.10a) is reported vulnerable to Cross‑Site Scripting (XSS) via SNMP. The CNVD entry confirms a remote attacker can inject arbitrary script/HTML through SNMP, with impact limited to the web interface’s confidentiality/ integrity, and requires no authentication due to SNMP ex...
CVE-2016-5074
CVE-2016-5074 affects CloudView NMS prior to version 2.10a. Connected sources consistently describe a format-string vulnerability in CloudView NMS that is exploitable over SNMP. The vulnerability arises in formatting-related handling within the affected component, enabling potential descriptor in...
CVE-2016-5075
CloudView NMS (before 2.10a) is affected by a Cross-Site Scripting (XSS) vulnerability via a TELNET login. Root cause: XSS in the login flow. Impact as described: vulnerability could allow injection of script/HTML. Affected version: prior to 2.10a; fix likely in 2.10a or later (document implies u...
CVE-2016-5076
CloudView NMS is affected by CVE-2016-5076: prior to version 2.10a, a remote attacker can disclose sensitive information by making a direct request to admin/auto.def. Affected product: CloudView NMS; vulnerable component/endpoint is the admin/auto.def request path; root cause is information discl...