Skip to main content

Publixone

5 CVEs product

Monthly

CVE-2020-27183 CRITICAL Act Now

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-27182 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Publixone
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-27181 MEDIUM This Month

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Publixone
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-27180 HIGH This Week

konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-27179 CRITICAL Act Now

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD
CVSS 3.1
9.8
EPSS
1.3%
EPSS 1% CVSS 9.8
CRITICAL Act Now

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Publixone
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Publixone
NVD
EPSS 1% CVSS 7.5
HIGH This Week

konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy