CVE-2017-13706 – Lansweeper 6.0.100.29 XXE Injection
https://notcve.org/view.php?id=CVE-2017-13706
XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. Lansweeper version 6.0.100.29 suffers from an XML external entity injection vulnerability.
• http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html
• http://seclists.org/fulldisclosure/2017/Oct/14
• https://www.lansweeper.com/changelog.aspx
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2017-9292 – Lansweeper 6.0.0.63 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-9292
Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. Lansweeper version 6.0.0.63 suffers from a cross site scripting vulnerability.
• https://backbox.org/membership/lansweeper-v6-0-0-63-xss-vulnerability
• https://www.lansweeper.com/changelog.aspx
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')