Powermedia Xms Security Vulnerabilities and Issues — Powermedia Xms CVE List

Lucene search

DialogicPowermedia Xms

3 matches found

CVE•added 2018/07/03 5:29 p.m.•34 views

CVE-2018-11639

Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.

8.1CVSS8AI score0.00475EPSS

CVE•added 2018/07/03 5:29 p.m.•27 views

CVE-2018-11636

Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.

8.8CVSS8.8AI score0.00215EPSS

CVE•added 2018/07/03 5:29 p.m.•26 views

CVE-2018-11643

SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.

8.8CVSS8.8AI score0.0045EPSS