CVE-2023-41748
https://notcve.org/view.php?id=CVE-2023-41748
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. • https://security-advisory.acronis.com/advisories/SEC-5816 • CWE-20: Improper Input Validation
CVE-2023-41747
https://notcve.org/view.php?id=CVE-2023-41747
Sensitive information disclosure due to improper input validation. Sensitive information disclosure due to unauthenticated path traversal. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. • https://security-advisory.acronis.com/advisories/SEC-5811 • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-41746
https://notcve.org/view.php?id=CVE-2023-41746
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. • https://security-advisory.acronis.com/advisories/SEC-5810 • CWE-20: Improper Input Validation
CVE-2023-0421 – Cloud Manager <= 1.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-0421
The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged-in admin into triggering an XSS payload by clicking a link. The Cloud Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ricerca’ parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/a356fea0-f143-4736-b2b2-c545c525335c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-27002
https://notcve.org/view.php?id=CVE-2021-27002
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. • https://security.netapp.com/advisory/ntap-20211011-0001