Cachecloud
Monthly
A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Reflected cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows remote attackers to inject malicious scripts via the LoginController initialization function, requiring user interaction to execute. The vulnerability has a public exploit available but represents low real-world risk due to CVSS 2.1 score, minimal EPSS exploitation probability (0.04%), and the requirement for user click-through. The vendor has not responded to early disclosure through a GitHub issue.
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Stored cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows high-privileged authenticated users to inject malicious scripts via the doQuartzList function in QuartzManageController.java, affecting users who interact with crafted content. The vulnerability requires high privileges (PR:H) and user interaction (UI:P), limiting real-world impact despite remote network accessibility. Public exploit code is available, but EPSS exploitation probability is exceptionally low at 0.04% (11th percentile), suggesting the attack requires substantial prerequisites unlikely to occur in typical deployments.
A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Reflected cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows authenticated high-privilege users to inject malicious scripts via the taskQueueList function in TaskController.java, requiring user interaction for exploitation. The vulnerability has publicly available exploit details and a low EPSS score of 0.04%, indicating minimal real-world exploitation risk despite the public disclosure.
A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The project was informed of the problem early through an issue report but has not responded yet.
A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. The project was informed of the problem early through an issue report but has not responded yet.
Reflected cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows authenticated remote attackers to inject malicious scripts via the index function in ServerController.java, requiring user interaction to execute. The exploit is publicly available on GitHub, though the project maintainers have not responded to early disclosure reports. With an EPSS score of 0.03% and CVSS 2.0 severity, real-world exploitation risk is minimal despite public POC availability.
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Stored cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows high-privilege authenticated users to inject malicious scripts via the doTotalList function in TotalManageController.java, which are executed in the browsers of users viewing the affected page. The vulnerability requires user interaction (UI:P) and high privileges (PR:H), limiting real-world impact despite network accessibility. Public exploit code is available, but EPSS probability remains very low (0.04%) due to the authentication and interaction requirements.
A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Reflected cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows remote attackers to inject malicious scripts via the LoginController initialization function, requiring user interaction to execute. The vulnerability has a public exploit available but represents low real-world risk due to CVSS 2.1 score, minimal EPSS exploitation probability (0.04%), and the requirement for user click-through. The vendor has not responded to early disclosure through a GitHub issue.
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Stored cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows high-privileged authenticated users to inject malicious scripts via the doQuartzList function in QuartzManageController.java, affecting users who interact with crafted content. The vulnerability requires high privileges (PR:H) and user interaction (UI:P), limiting real-world impact despite remote network accessibility. Public exploit code is available, but EPSS exploitation probability is exceptionally low at 0.04% (11th percentile), suggesting the attack requires substantial prerequisites unlikely to occur in typical deployments.
A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Reflected cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows authenticated high-privilege users to inject malicious scripts via the taskQueueList function in TaskController.java, requiring user interaction for exploitation. The vulnerability has publicly available exploit details and a low EPSS score of 0.04%, indicating minimal real-world exploitation risk despite the public disclosure.
A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The project was informed of the problem early through an issue report but has not responded yet.
A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. The project was informed of the problem early through an issue report but has not responded yet.
Reflected cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows authenticated remote attackers to inject malicious scripts via the index function in ServerController.java, requiring user interaction to execute. The exploit is publicly available on GitHub, though the project maintainers have not responded to early disclosure reports. With an EPSS score of 0.03% and CVSS 2.0 severity, real-world exploitation risk is minimal despite public POC availability.
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Stored cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows high-privilege authenticated users to inject malicious scripts via the doTotalList function in TotalManageController.java, which are executed in the browsers of users viewing the affected page. The vulnerability requires user interaction (UI:P) and high privileges (PR:H), limiting real-world impact despite network accessibility. Public exploit code is available, but EPSS probability remains very low (0.04%) due to the authentication and interaction requirements.