CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30777
https://notcve.org/view.php?id=CVE-2022-30777
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. Parallels H-Sphere versión 3.6.1713 permite un ataque de tipo XSS por medio del parámetro index_en.php from • https://en.wikipedia.org/wiki/H-Sphere https://medium.com/%40bhattronit96/cve-2022-30777-45725763ab59 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2012-5004
https://notcve.org/view.php?id=CVE-2012-5004
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Parallels H-Sphere v3.3 Patch 1, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que (1) añade planes de grupo a través admin/group_plans.html o (2) añadir paquetes estra a través de admin/extra_packs/create_extra_pack.html. • http://osvdb.org/78505 http://packetstormsecurity.org/files/view/108972/VL-392.txt http://secunia.com/advisories/47556 http://www.vulnerability-lab.com/get_content.php?id=392 https://exchange.xforce.ibmcloud.com/vulnerabilities/72628 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6465
https://notcve.org/view.php?id=CVE-2008-6465
Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters. Múltiples vulnerabilidades ejecución de secuencias de comandos en sitios cruzados (XSS) en login.php en webshell4 en Parallels H-Sphere 3.0.0 P9 y el 3.1 P1 permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a través de los parámetros (1) err, (2) errorcode, y (3) login. • http://osvdb.org/48232 http://secunia.com/advisories/31830 http://www.securityfocus.com/bid/31256 http://www.xssing.com/index.php?x=3&y=65 https://exchange.xforce.ibmcloud.com/vulnerabilities/45252 https://exchange.xforce.ibmcloud.com/vulnerabilities/45254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •