CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41434
https://notcve.org/view.php?id=CVE-2022-41434
08 Nov 2022 — EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php. Se descubrió que EyesOfNetwork Web Interface v5.3 contiene una vulnerabilidad de cross-site scripting (XSS) reflejada a través del componente /lilac/main.php. • https://gist.github.com/delyura/83553302a1960311c8c4c8cc4a974577 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41433
https://notcve.org/view.php?id=CVE-2022-41433
08 Nov 2022 — EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. Se descubrió que la interfaz web EyesOfNetwork v5.3 contiene una vulnerabilidad de cross-site scripting (XSS) reflejada a través del componente /module/admin_bp/add_application.php. • https://gist.github.com/delyura/b7419cab29f4105df1c1fbe5d99edd7c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41432
https://notcve.org/view.php?id=CVE-2022-41432
08 Nov 2022 — EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. Se descubrió que EyesOfNetwork Web Interface v5.3 contiene una vulnerabilidad de cross-site scripting (XSS) reflejada a través del componente /module/report_event/index.php. • https://gist.github.com/delyura/bda0b16cf99cb14bb767db84e5110419 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41571
https://notcve.org/view.php?id=CVE-2022-41571
27 Sep 2022 — An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. Se ha detectado un problema en EyesOfNetwork (EON) versiones hasta 5.3.11. Puede producirse una inclusión de archivos Locales • https://github.com/EyesOfNetworkCommunity/eonweb/issues/120 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41570
https://notcve.org/view.php?id=CVE-2022-41570
27 Sep 2022 — An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. Se ha detectado un problema en EyesOfNetwork (EON) versiones hasta 5.3.11. Puede producirse una inyección SQL no Autenticada • https://github.com/EyesOfNetworkCommunity/eonweb/issues/120 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2021-40643
https://notcve.org/view.php?id=CVE-2021-40643
30 Jun 2022 — EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail"). EyesOfNetwork versiones anteriores a 07-07-2021, presenta una vulnerabilidad de Ejecución de Código Remota en la página de configuración de las opciones de correo. ... • https://eyesofnetwork.com •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24612
https://notcve.org/view.php?id=CVE-2022-24612
25 Feb 2022 — An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. Un usuario autenticado puede subir un archivo XML que contenga una vulnerabilidad de tipo XSS por medio del módulo ITSM de EyesOfNetwork 5.3.11,resultando en un ataque de tipo XSS almacenado. • https://github.com/EyesOfNetworkCommunity/eonweb/issues/114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33525
https://notcve.org/view.php?id=CVE-2021-33525
24 May 2021 — EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell. EyesOfNetwork eonweb versiones hasta 5.3-11, permite una ejecución de comandos remota (por usuarios autenticados) por medio de metacaracteres shell en el parámetro nagios_path hacia el archivo lilac/export.php, como es demostrado por %26%26+curl para insertar una s... • https://github.com/ArianeBlow/LilacPathVUln/blob/main/eon-pwn.sh • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-27513
https://notcve.org/view.php?id=CVE-2021-27513
21 Feb 2021 — The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside." El módulo admin_ITSM en EyesOfNetwork versión 5.3-10, permite a usuarios autenticados remoto cargar archivos .xml.php arbitrarios porque es basado en "le filtre userside" • https://github.com/ArianeBlow/CVE-2021-27513 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-27514
https://notcve.org/view.php?id=CVE-2021-27514
21 Feb 2021 — EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). EyesOfNetwork versión 5.3-10, usa un número entero de entre 8 y 10 dígitos para el ID de sesión, que podría ser aprovechado para omitir una autenticación de fuerza bruta (como en la explotación del CVE-2021-27513) • https://github.com/ArianeBlow/CVE-2021-27513-CVE-2021-27514 • CWE-307: Improper Restriction of Excessive Authentication Attempts •