Skip to main content

Connection Broker

3 CVEs product

Monthly

CVE-2021-38157 MEDIUM POC This Month

LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connection Broker
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-26574 CRITICAL POC Act Now

Leostream Connection Broker 8.2.x is affected by stored XSS. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connection Broker
NVD
CVSS 3.1
9.6
EPSS
2.1%
CVE-2018-18817 HIGH This Week

The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Agent Connection Broker
NVD
CVSS 3.0
7.5
EPSS
1.1%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connection Broker
NVD GitHub
EPSS 2% CVSS 9.6
CRITICAL POC Act Now

Leostream Connection Broker 8.2.x is affected by stored XSS. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connection Broker
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Agent Connection Broker
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy