Manuel Scala

A reflected cross-site scripting (XSS) vulnerability in the login newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice azienda parameter.

Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice azienda and red url parameters.

**Name of the Vulnerable Software and Affected Versions** eNMS versions 4.4.0 through 4.7.1 **Description** The issue is related to Directory Traversal via `edit file`. This allows unauthorized access to sensitive files and directories. **Recommendations** For versions 4.4.0 through 4.7.1, consider restricting access to the `edit file` functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** eNMS versions 4.4.0 through 4.7.1 **Description** The issue is related to a Directory Traversal vulnerability in the `scan folder` feature. This vulnerability allows unauthorized access to sensitive files and directories. **Recommendations** For eNMS versions 4.4.0 through 4.7.1, consider disabling the `scan folder` feature until a patch is available to prevent potential exploitation. Restrict access to sensitive files and directories to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eNMS versions up to 4.7.1 **Description** The issue is a Directory Traversal vulnerability, which occurs via the `download/folder` path. **Recommendations** For versions up to 4.7.1, consider restricting access to the `download/folder` path as a temporary workaround until a patch is available.