Scott Goodwin

#10579of 53,632
26.1Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2021-21974
6.1
2021-08-06
Unknown · Leostream Connection Broker · CVE-2021-38157
Name of the Vulnerable Software and Affected Versions: LeoStream Connection Broker versions 9.x before 9.0.34.3 Description: The issue allows Unauthenticated Reflected XSS via the "/index.pl" API endpoint, specifically through the `user` parameter. This affects products that are no longer supported by the maintainer. Recommendations: For versions prior to 9.0.34.3, as a temporary workaround, consider restricting access to the "/index.pl" API endpoint to minimize the risk of exploitation. Avoid using the `user` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-13827
7.5
2020-06-11
Citrix · Citrix Xenapp · CVE-2020-13998
**Name of the Vulnerable Software and Affected Versions** Citrix XenApp version 6.5 **Description** The issue allows a remote unauthenticated attacker to determine whether a user exists on the server when two-factor authentication (2FA) is enabled. This is because the 2FA error page is only displayed after a valid username is entered. The products affected by this issue are no longer supported by the maintainer. **Recommendations** For Citrix XenApp version 6.5, as the product is no longer supported, there is no information about a newer version that contains a fix for this issue.
PT-2020-13200
6.1
2020-05-07
Mitel · Mivoice Connect · CVE-2020-12679
**Name of the Vulnerable Software and Affected Versions** Mitel ShoreTel Conference Web Application versions 19.50.1000.0 through versions prior to MiVoice Connect 18.7 SP2 **Description** A reflected cross-site scripting (XSS) issue allows remote attackers to inject arbitrary JavaScript and HTML via the PATH INFO to "home.php". This enables attackers to execute malicious scripts on the client-side, potentially leading to unauthorized actions or data exposure. **Recommendations** For versions 19.50.1000.0 through versions prior to MiVoice Connect 18.7 SP2, update to MiVoice Connect 18.7 SP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "home.php" endpoint to minimize the risk of exploitation.
PT-2019-18410
6.4
2019-12-11
Avaya · Ip Office Application Server · CVE-2019-7004
**Name of the Vulnerable Software and Affected Versions** IP Office Application Server versions 11.x **Description** A Cross-Site Scripting (XSS) issue in the WebUI component could allow unauthorized code execution and potentially disclose sensitive information. **Recommendations** For versions 11.x, update to a version that includes the fix for this issue, as all versions within this range are affected.