Lucene search
K
CybelesoftThinfinity Virtualui

6 matches found

CVE
CVE
added 2022/02/09 1:10 p.m.98 views

CVE-2021-46354

CVE-2021-46354 affects Thinfinity VirtualUI versions 2.1.28.0, 2.1.32.1, and 2.5.26.2; fixed in 3.0. The vulnerability is an information disclosure caused by the Addr parameter in the cmd site, enabling the vulnerable server to send requests to external systems and potentially reveal the real IP ...

7.5CVSS7.2AI score0.12785EPSS
Web
CVE
CVE
added 2021/12/16 3:7 a.m.78 views

CVE-2021-45092

CVE-2021-45092 affects Thinfinity VirtualUI prior to 3.0. Affected component: the /lab.html endpoint (reachable by default), where the vpath parameter can be used to inject an IFRAME. Under the described conditions, exploitation could lead to iframeing external sites, with potential impact depend...

9.8CVSS9.5AI score0.39973EPSS
In wildWeb
CVE
CVE
added 2021/12/13 1:8 a.m.76 views

CVE-2021-44848

Thinfinity VirtualUI (before 3.0) has a user-enumeration flaw in /changePassword: responses differ based on whether the username exists, enabling an attacker to determine valid usernames (e.g., Administrator, Guest). This credential disclosure stems from the authentication response behavior and i...

5.3CVSS5.7AI score0.23141EPSS
Web
CVE
CVE
added 2020/06/04 3:30 p.m.61 views

CVE-2019-16384

CVE-2019-16384 affects Cybele Software Thinfinity VirtualUI (version 2.5.17.2). The vulnerability is a path traversal flaw that allows accessing files outside the web directory if the attacker knows the exact location and has permissions. Root cause described as improper filtering of path element...

6.5CVSS6.5AI score0.01086EPSS
CVE
CVE
added 2020/06/04 3:29 p.m.61 views

CVE-2019-16385

Cybele Thinfinity VirtualUI 2.5.17.2 is affected by CVE-2019-16385 due to an HTTP response splitting flaw via the mimetype parameter in a PDF viewer request, enabling a reflected XSS when a user loads a malicious PDF request (example.pdf?mimetype=...). Red Hat advisory RH:CVE-2019-16385 corrobora...

6.1CVSS5.8AI score0.008EPSS
CVE
CVE
added 2021/12/20 8:31 a.m.53 views

CVE-2021-44554

CVE-2021-44554 affects Thinfinity VirtualUI prior to 3.0. The vulnerability allows an unauthenticated attacker to enumerate Windows OS usernames via the /changePassword URI, returning messages that reveal whether a username exists, with language variation based on VirtualUI configuration (example...

5.3CVSS5.2AI score0.01029EPSS