Sencha
Products (2)
- 8 CVEs
- 1 CVE
Recent CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8046 | | Med | 0.45 | 6.1 | 0.67 | | Jul 5, 2018 | The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip()… |
| CVE-2023-28616 | | | 0.00 | — | 0.00 | | Dec 26, 2023 | An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and… |
| CVE-2023-34198 | | | 0.00 | — | 0.01 | | Dec 25, 2023 | In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in… |
| CVE-2020-11711 | | | 0.00 | — | 0.00 | | Aug 25, 2023 | An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin… |
| CVE-2021-28096 | | | 0.00 | — | 0.01 | | Jan 27, 2022 | An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. |
| CVE-2021-28127 | | | 0.00 | — | 0.01 | | Jul 1, 2021 | An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. |
| CVE-2021-28665 | | | 0.00 | — | 0.01 | | May 6, 2021 | Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service. |
| CVE-2012-1237 | | | 0.00 | — | 0.01 | | Apr 6, 2012 | Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2006-6413 | | | 0.00 | — | 0.01 | | Dec 10, 2006 | Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |