CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3791 – Cross-site Scripting vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3791
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. Vulnerabilidad en WBSAirback 21.02.04, que consiste en un Cross-Site Scripting (XSS) almacenado a través de /admin/SystemConfiguration, nombre/campos de límite de memoria libre, parámetros de tipo/contraseña. La explotación de esta vulnerabilidad podría permitir que un usuario remoto envíe una URL especialmente manipulada a la víctima y robe los datos de su sesión. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3790 – Cross-site Scripting vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3790
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. Vulnerabilidad en WBSAirback 21.02.04, que consiste en un Cross-Site Scripting (XSS) almacenado a través de /admin/SystemUsers, campos de inicio de sesión/descripción, parámetros passwd1/passwd2. La explotación de esta vulnerabilidad podría permitir que un usuario remoto envíe una URL especialmente manipulada a la víctima y robe los datos de su sesión. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3789 – Uncontrolled Resource Consumption vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3789
Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. This vulnerability could allow an attacker to send multiple command injection payloads to influence the amount of resources consumed. Vulnerabilidad de consumo descontrolado de recursos en White Bear Solutions WBSAirback, versión 21.02.04. Esta vulnerabilidad podría permitir a un atacante enviar múltiples payloads de inyección de comandos para influir en la cantidad de recursos consumidos. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3788 – Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3788
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. Vulnerabilidad en WBSAirback 21.02.04, que involucra la neutralización inadecuada de Server-Side Incluye (SSI), a través de Licencia (/admin/CDPUsers). La explotación de esta vulnerabilidad podría permitir que un usuario remoto ejecute código arbitrario. • https://github.com/7Ragnarok7/CVE-2024-37888 https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3787 – Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3787
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. Vulnerabilidad en WBSAirback 21.02.04, que implica la neutralización inadecuada de Server-Side Incluye (SSI), a través de discos S3 (/admin/DeviceS3). La explotación de esta vulnerabilidad podría permitir que un usuario remoto ejecute código arbitrario. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions •