MidnightBSD

Advisories for ctera

CVE-2013-2639 MEDIUM

Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ctera cloud_storage_os 3.2.29.0
ctera cloud_storage_os 3.2.42.0
CVE-2025-52196

Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe.

Products Affected

Vendor Product Version
ctera ctera 8.1.1417.24