Razor Security Vulnerabilities and Issues — Razor CVE List

Lucene search

CobubRazor

5 matches found

CVE•added 2018/03/07 5:29 p.m.•61 views

CVE-2018-7745

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation.

7.5CVSS7.5AI score0.17299EPSS

CVE•added 2018/03/18 6:29 a.m.•57 views

CVE-2018-8770

Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTes...

5.3CVSS5.2AI score0.58047EPSS

CVE•added 2018/03/07 5:29 p.m.•43 views

CVE-2018-7746

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.

8.8CVSS8.1AI score0.01339EPSS

CVE•added 2018/03/07 8:29 a.m.•33 views

CVE-2018-7720

A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.

8.8CVSS8.7AI score0.00342EPSS

CVE•added 2018/03/11 6:29 p.m.•32 views

CVE-2018-8056

Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.

7.5CVSS7.4AI score0.03098EPSS