3 results (0.011 seconds)

CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 3

LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. Los dispositivos LOYTEC LGATE-902 en la versión 6.3.2 permiten la eliminación arbitraria de archivos. Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities. • http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html http://seclists.org/fulldisclosure/2019/Apr/12 https://seclists.org/fulldisclosure/2019/Apr/12 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 3

LOYTEC LGATE-902 6.3.2 devices allow XSS. Los dispositivos YTEC LGATE-902 versión 6.3.2 permiten Cross-Site Scripting (XSS). Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities. • http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html http://seclists.org/fulldisclosure/2019/Apr/12 https://seclists.org/fulldisclosure/2019/Apr/12 https://www.mag-securs.com/alertes/artmid/1894/articleid/41651/loytec-lgate-902-up-to-641-alarm-log-obj-handle-cross-site-scripting.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 10%CPEs: 2EXPL: 3

LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. Los dispositivos LOYTEC LGATE-902 versión 6.3.2 permiten un salto de directorio. Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities. • http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html http://seclists.org/fulldisclosure/2019/Apr/12 https://seclists.org/fulldisclosure/2019/Apr/12 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •