Tiziano Di Vincenzo

#10188of 53,635
27.1Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2025-6779
6.1
2025-02-14
Watchguard · Watchguard Fireware · CVE-2025-0178
**Name of the Vulnerable Software and Affected Versions** WatchGuard Fireware OS versions 12.0 through 12.11 **Description** The issue is related to improper input validation, allowing an attacker to manipulate the value of the `HTTP Host` header in requests sent to the Web UI. This could be exploited to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI. **Recommendations** For versions 12.0 through 12.11, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-27146
8.8
2023-12-07
Ericsson · Ericsson Network Manager · CVE-2023-39909
**Name of the Vulnerable Software and Affected Versions** Ericsson Network Manager versions prior to 23.2 **Description** The issue is related to mishandled Access Control, allowing unauthenticated low-privilege users to access the NCM application. **Recommendations** For versions prior to 23.2, update to version 23.2 or later to resolve the issue.
PT-2022-25006
6.1
2022-09-09
Wso2 · Wso2 Enterprise Integrator · CVE-2022-39809
**Name of the Vulnerable Software and Affected Versions** WSO2 Enterprise Integrator version 6.4.0 **Description** A Reflected Cross-Site Scripting (XSS) issue has been identified in the Management Console under "/carbon/mediation secure vault/properties/ajaxprocessor.jsp" via the `name` parameter. This issue does not allow for session hijacking or similar attacks. **Recommendations** For WSO2 Enterprise Integrator version 6.4.0, consider disabling access to the "/carbon/mediation secure vault/properties/ajaxprocessor.jsp" endpoint until a patch is available. Additionally, restrict the use of the `name` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-25008
6.1
2022-09-09
Wso2 · Wso2 Enterprise Integrator · CVE-2022-39810
**Name of the Vulnerable Software and Affected Versions** WSO2 Enterprise Integrator version 6.4.0 **Description** A Reflected Cross-Site Scripting (XSS) issue has been identified in the Management Console under "/carbon/ndatasource/validateconnection/ajaxprocessor.jsp" via the `driver` parameter. This could lead to session hijacking or similar attacks, although it is noted that such attacks would not be possible in this case. **Recommendations** For WSO2 Enterprise Integrator version 6.4.0, consider disabling access to the "/carbon/ndatasource/validateconnection/ajaxprocessor.jsp" endpoint or restricting the use of the `driver` parameter until a patch is available.