CVE-2009-0699 – Plunet BusinessManager 4.1 - '/pagesUTF8/auftrag_allgemeinauftrag.jsp' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0699
23 Feb 2009 — Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters. • https://www.exploit-db.com/exploits/32708 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0700 – Plunet BusinessManager 4.1 - 'pagesUTF8/auftrag_job.jsp?Pfad' Direct Request Information Disclosure
https://notcve.org/view.php?id=CVE-2009-0700
23 Feb 2009 — Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp. • https://www.exploit-db.com/exploits/32710 • CWE-264: Permissions, Privileges, and Access Controls