Connection Broker@* Security Vulnerabilities and Issues — Connection Broker@* CVE List

Lucene search

LeostreamConnection Broker*

3 matches found

CVE•added 2021/08/06 9:15 p.m.•91 views

CVE-2021-38157

LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

6.1CVSS5.9AI score0.00617EPSS

CVE•added 2020/10/06 3:15 p.m.•40 views

CVE-2020-26574

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malici...

9.6CVSS9.1AI score0.03087EPSS

CVE•added 2018/10/30 1:29 a.m.•29 views

CVE-2018-18817

The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.

7.5CVSS7.5AI score0.00235EPSS