CVE-2024-10276 – Telestream Sentry Reports Page page cross site scripting
https://notcve.org/view.php?id=CVE-2024-10276
A vulnerability has been found in Tektronix Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.281551 https://vuldb.com/?id.281551 https://vuldb.com/?submit.423695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-8887
https://notcve.org/view.php?id=CVE-2020-8887
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page). Telestream Tektronix Medius versiones anteriores a 10.7.5 y Sentry versiones anteriores a 10.7.5, presentan una vulnerabilidad de inyección SQL que permite a un atacante no autenticado volcar el contenido de la base de datos por medio del parámetro page en una petición page=login hacia el archivo index.php (también se conoce como la página de inicio de sesión del servidor) • https://github.com/google/security-research/security/advisories/GHSA-g69r-8jwh-2462 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •