Skip to main content

Xsuite

5 CVEs product

Monthly

CVE-2015-4669 HIGH POC This Week

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xsuite
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2015-4668 MEDIUM POC This Month

Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Xsuite
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.2%
CVE-2015-4667 CRITICAL POC THREAT Emergency

Multiple hardcoded credentials in Xsuite 2.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

Authentication Bypass Xsuite
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.0%
Threat
4.2
CVE-2015-4666 MEDIUM POC THREAT This Month

Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

Path Traversal PHP Xsuite
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
16.4%
CVE-2015-4665 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Xsuite
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.4%
EPSS 0% CVSS 7.8
HIGH POC This Week

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xsuite
NVD Exploit-DB
EPSS 4% CVSS 6.1
MEDIUM POC This Month

Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Xsuite
NVD Exploit-DB
EPSS 24% 4.2 CVSS 9.8
CRITICAL POC THREAT Emergency

Multiple hardcoded credentials in Xsuite 2.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

Authentication Bypass Xsuite
NVD Exploit-DB
EPSS 16% CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

Path Traversal PHP Xsuite
NVD Exploit-DB
EPSS 3% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Xsuite
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy