CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2022-37153
https://notcve.org/view.php?id=CVE-2022-37153
An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. Se ha detectado un problema en Artica Proxy versión 4.30.000000. Se presenta una vulnerabilidad de tipo XSS por medio del parámetro password en el archivo /fw.login.php. • https://github.com/Fjowel/CVE-2022-37153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15053
https://notcve.org/view.php?id=CVE-2020-15053
An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. Se detectó un problema en Artica Proxy CE versiones anteriores al 4.28.030.418. Una vulnerabilidad de tipo XSS Reflejado se presenta por medio de estos campos de búsqueda: real time request, System Events, Proxy Events, Proxy Objects, y Firewall objects • https://github.com/pratikshad19/CVE-2020-15053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15052
https://notcve.org/view.php?id=CVE-2020-15052
An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. Se detectó un problema en Artica Proxy CE versiones anteriores al 4.28.030.418. Una inyección SQL se presenta por medio de los campos Netmask, Hostname, y Alias • https://github.com/pratikshad19/CVE-2020-15052 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15051
https://notcve.org/view.php?id=CVE-2020-15051
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields. Se detectó un problema en Artica Proxy versiones anteriores a 4.30.000000. Se presenta una vulnerabilidad de tipo XSS almacenado por medio de los campos Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description • https://github.com/pratikshad19/CVE-2020-15051 http://artica-proxy.com/telechargements • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 1CVE-2020-13158
https://notcve.org/view.php?id=CVE-2020-13158
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. Artica Proxy versiones anteriores a 4.30.000000, Community Edition permite un salto de directorio por medio del parámetro popup del archivo fw.progrss.details.php • https://github.com/InfoSec4Fun/CVE-2020-13158 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •