CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6324 – F-Secure Radar Open Redirect
https://notcve.org/view.php?id=CVE-2018-6324
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. F-Secure Radar (local) anterior a 2018-02-15 tiene una redirección no válida mediante el parámetro ReturnUrl que se desencadena al iniciar sesión un usuario. F-Secure Radar suffers from an open redirection vulnerability. • http://oscarhjelm.com/blag/2018/02/f-secure-radar-login-page-unvalidated-redirect-vulnerability http://www.securityfocus.com/bid/103208 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6189 – F-Secure Radar Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-6189
F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue. F-Secure Radar (local) anterior a 2018-02-15 tiene XSS mediante vectores relacionados con el parámetro Tags en el cuerpo de la petición JSON en una petición saliente para el recurso /api/latest/vulnerabilityscans/tags/batch. Esto también se conoce como problema "suggested metadata tags for assets". F-Secure Radar suffers from a persistent cross site scripting vulnerability. • http://oscarhjelm.com/blag/2018/02/f-secure-radar-persistent-cross-site-scripting-vulnerability http://www.securityfocus.com/bid/103100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •