Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-9250 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter. | |||||
CVE-2015-9247 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html. | |||||
CVE-2015-9248 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager. | |||||
CVE-2015-9249 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element. | |||||
CVE-2015-9246 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost. |