Xceedium
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4667 | Cri | 0.68 | 9.8 | 0.11 | Sep 25, 2017 | Multiple hardcoded credentials in Xsuite 2.x. | ||
| CVE-2015-4669 | Hig | 0.54 | 7.8 | 0.01 | Sep 25, 2017 | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | ||
| CVE-2015-4668 | Med | 0.43 | 6.1 | 0.07 | Sep 25, 2017 | Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | ||
| CVE-2015-4666 | 0.04 | — | 0.16 | Aug 13, 2015 | Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter. | |||
| CVE-2015-4665 | 0.03 | — | 0.03 | Aug 13, 2015 | Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. |
- risk 0.68cvss 9.8epss 0.11
Multiple hardcoded credentials in Xsuite 2.x.
- risk 0.54cvss 7.8epss 0.01
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
- risk 0.43cvss 6.1epss 0.07
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
- CVE-2015-4666Aug 13, 2015risk 0.04cvss —epss 0.16
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
- CVE-2015-4665Aug 13, 2015risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.