Filtered by vendor Terra-master
Subscribe
Total
46 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13350 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. | |||||
CVE-2018-13349 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. | |||||
CVE-2018-13335 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | |||||
CVE-2018-13333 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | |||||
CVE-2018-13329 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | |||||
CVE-2018-13334 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. |