Xsuite
by Xceedium
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-4667 | Cri | 0.69 | 9.8 | 0.24 | Sep 25, 2017 | Multiple hardcoded credentials in Xsuite 2.x. | |
| CVE-2015-4669 | Hig | 0.54 | 7.8 | 0.00 | Sep 25, 2017 | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | |
| CVE-2015-4668 | Med | 0.43 | 6.1 | 0.04 | Sep 25, 2017 | Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | |
| CVE-2015-4666 | 0.04 | — | 0.16 | Aug 13, 2015 | Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter. | ||
| CVE-2015-4665 | 0.03 | — | 0.03 | Aug 13, 2015 | Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. |