2 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la página de inicio de sesión del componente de WebUI en SUSE openSUSE Build Service (OBS) antes de v2.1.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://news.opensuse.org/2011/03/02/build-service-team-releases-new-versions-fixing-security-problems https://bugzilla.novell.com/show_bug.cgi?id=669909 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 21EXPL: 0

The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors. La API en SUSE openSUSE Build Service (OBS) v2.0.x antes de v2.0.8 y v2.1.x antes de v2.1.6 permite a atacantes eludir restricciones intencionadas de acceso de escritura y modificar un (1) paquete o (2) proyecto, a través de vectores no especificados. • http://news.opensuse.org/2011/03/02/build-service-team-releases-new-versions-fixing-security-problems • CWE-264: Permissions, Privileges, and Access Controls •