
CVE-2015-2165 – Ericsson Drutt MSDP (Report Viewer) Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-2165
01 Apr 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17... • https://packetstorm.news/files/id/131232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-2167 – Ericsson Drutt MSDP (3PI Manager) Open Redirect
https://notcve.org/view.php?id=CVE-2015-2167
01 Apr 2015 — Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp. • https://packetstorm.news/files/id/131230 •

CVE-2015-2166 – Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-2166
01 Apr 2015 — Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. Ericsson Drutt MS... • https://packetstorm.news/files/id/131233 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •