CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15053
https://notcve.org/view.php?id=CVE-2020-15053
An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. Se detectó un problema en Artica Proxy CE versiones anteriores al 4.28.030.418. Una vulnerabilidad de tipo XSS Reflejado se presenta por medio de estos campos de búsqueda: real time request, System Events, Proxy Events, Proxy Objects, y Firewall objects • https://github.com/pratikshad19/CVE-2020-15053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15052
https://notcve.org/view.php?id=CVE-2020-15052
An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. Se detectó un problema en Artica Proxy CE versiones anteriores al 4.28.030.418. Una inyección SQL se presenta por medio de los campos Netmask, Hostname, y Alias • https://github.com/pratikshad19/CVE-2020-15052 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15051
https://notcve.org/view.php?id=CVE-2020-15051
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields. Se detectó un problema en Artica Proxy versiones anteriores a 4.30.000000. Se presenta una vulnerabilidad de tipo XSS almacenado por medio de los campos Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description • https://github.com/pratikshad19/CVE-2020-15051 http://artica-proxy.com/telechargements • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 1CVE-2020-13158
https://notcve.org/view.php?id=CVE-2020-13158
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. Artica Proxy versiones anteriores a 4.30.000000, Community Edition permite un salto de directorio por medio del parámetro popup del archivo fw.progrss.details.php • https://github.com/InfoSec4Fun/CVE-2020-13158 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-2020-13159
https://notcve.org/view.php?id=CVE-2020-13159
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818. Artica Proxy versiones anteriores a 4.30.000000, Community Edition permite una inyección de comandos del Sistema Operativo por medio del campo Netbios name, Server domain name, dhclient_mac, Hostname, o Alias. NOTA: esto puede solaparse con CVE-2020-10818 • https://github.com/InfoSec4Fun/CVE-2020-13159 https://sourceforge.net/projects/artica-squid/files • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •