CVE-2023-28365
https://notcve.org/view.php?id=CVE-2023-28365
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. • https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2013-3572
https://notcve.org/view.php?id=CVE-2013-3572
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname. Cross-site scripting (XSS) en la interfaz de administracion en el controlador UniFi de Ubiquiti Networks UniFi 2.3.5 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un nombre de host del cliente manipulado. • http://dl.ubnt.com/unifi/static/cve-2013-3572.html http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products http://www.securityfocus.com/bid/64601 https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •