2 results (0.021 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access. Una administración insuficiente del flujo de control en la API para Intel® Collaboration Suite para WebRTC versiones anteriores a 4.3.1, puede permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso de red • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00425.html •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment. Múltiples Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6 y posiblemente otras versiones anteriores a 4.5.10, permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través de un adjunto de e-mail usando ficheros (1) .jpg o (2) .gif. • http://jvn.jp/jp/JVN%2395014590/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000004.html http://secunia.com/advisories/29263 http://www.securityfocus.com/bid/28134 http://www.zimbra.com/jp/products/vulnerability.html https://exchange.xforce.ibmcloud.com/vulnerabilities/41044 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •