5 matches found
CVE-2019-19611
Affected product: Halvotec RaQuest 10.23.10801.0. Vulnerability: an exposed web service allows an anonymous user to access the list of connected users and their session cookies (information disclosure). Root cause / details: the initial documents state the issue but do not provide deeper technica...
CVE-2019-19614
CVE-2019-19614 affects Halvotec RAQuest 10.23.10801.0, where the login page is vulnerable to a wildcard injection. This flaw allows an attacker to enumerate the list of users sharing an identical password, constituting an information disclosure vulnerability. The issue is fixed in Release 10.24.1...
CVE-2019-19612
The CVE-2019-19612 issue affects Halvotec RaQuest 10.23.10801.0, where stored Cross-site Scripting (XSS) is possible due to a flaw in how the application validates client data. The root cause is lack of proper input validation in the web application, enabling attacker-controlled content to be sto...
CVE-2019-19613
Halvotec RaQuest 10.23.10801.0 admin login page is vulnerable to an Open Redirect. An attacker on the same network can modify the victim’s request to redirect to a malicious site after authentication; fixed in Release 24.2020.20608.0.
CVE-2019-19610
The CVE-2019-19610 entry describes a session fixation vulnerability affecting Halvotec RaQuest version 10.23.10801.0. The issue is that an attacker could influence or abuse a user’s session identifier, with the fixed version released as 24.2020.20608.0. The vulnerability is demonstrated in the co...