5 matches found
CVE-2015-9247
Skybox Platform prior to 7.5.401 contains a reflected cross-site scripting (XSS) vulnerability in /skyboxview/webservice/services/VersionRepositoryWebService via the soapenv:Body element, or in the status parameter to login.html. The issue is caused by insufficient input sanitization on these par...
CVE-2015-9246
CVE-2015-9246 affects Skybox Platform; remote unauthenticated code execution via a WAR containing a JSP is possible. The WAR is delivered to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP executes at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost. Af...
CVE-2015-9249
CVE-2015-9249 concerns Skybox Platform. Several connected sources confirm an SQL injection vulnerability in /skyboxview/webservice/services/VersionWebService reachable via soapenv:Body. The CVE record states the issue exists in Skybox Platform before 7.5.201; CNVD notes versions prior to 7.5.401....
CVE-2015-9250
CVE-2015-9250 affects Skybox Platform prior to versions 7.5.201 (NVD entry) and 7.5.401 (CNVD entry). A directory traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter, enabling retrieval of arbitrary files (as stated by...
CVE-2015-9248
Skybox Platform is affected by a stored cross-site scripting (XSS) in Change Manager. Multiple sources report this vulnerability in the web path /skyboxview/webskybox/tickets, with Skybox Platform versions prior to 7.5.201 (NVD) and prior to 7.5.401 (CNVD) being vulnerable. The issue concerns the...