VYPR

Ucrm

by Ubiquiti Inc

Source repositories

CVEs (2)

  • CVE-2017-0912MedJul 3, 2018
    risk 0.35cvss 5.4epss 0.01

    Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit"…

  • CVE-2017-0913MedJul 3, 2018
    risk 0.31cvss 4.7epss 0.00

    Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access…