Thinfinity Virtualui Security Vulnerabilities and Issues — Thinfinity Virtualui CVE List

Lucene search

CybelesoftThinfinity Virtualui

3 matches found

CVE•added 2021/12/16 4:15 a.m.•59 views

CVE-2021-45092

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.

9.8CVSS9.5AI score0.88003EPSS

CVE•added 2021/12/13 2:15 a.m.•55 views

CVE-2021-44848

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.

5.3CVSS5.7AI score0.47202EPSS

CVE•added 2021/12/20 9:15 a.m.•37 views

CVE-2021-44554

Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...

5.3CVSS5.2AI score0.00232EPSS