CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 0CVE-2022-30777
https://notcve.org/view.php?id=CVE-2022-30777
16 May 2022 — Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. Parallels H-Sphere versión 3.6.1713 permite un ataque de tipo XSS por medio del parámetro index_en.php from • https://en.wikipedia.org/wiki/H-Sphere • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2012-5004
https://notcve.org/view.php?id=CVE-2012-5004
19 Sep 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Parallels H-Sphere v3.3 Patch 1, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que (1)... • http://osvdb.org/78505 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 2CVE-2008-6465
https://notcve.org/view.php?id=CVE-2008-6465
13 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters. Múltiples vulnerabilidades ejecución de secuencias de comandos en sitios cruzados (XSS) en login.php en webshell4 en Parallels H-Sphere 3.0.0 P9 y el 3.1 P1 permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a través de los parámetros (1) err, (2) errorc... • http://osvdb.org/48232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •