3 matches found
CVE-2021-26551
SmartFoxServer 2.17.0 is affected by CVE-2021-26551, allowing an attacker to execute arbitrary Python code by enabling the Console module. The attack is carried out by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to bypass the javashell.py protection mechanism ...
CVE-2021-26550
CVE-2021-26550 affects SmartFoxServer 2X, specifically version 2.17.0. The issue enables cleartext password disclosure via the configuration file /config/server.xml. The root cause, as described in multiple sources, is that sensitive information is stored in an unencrypted XML file, allowing a lo...
CVE-2021-26549
CVE-2021-26549: SmartFoxServer 2X/2.17.0 exposes a cross-site scripting vulnerability in the AdminTool console where input is not properly sanitized before reflection. This enables an attacker to inject arbitrary HTML/JS that can execute in a user’s browser within the context of the affected sit...