Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| loadbalancer | enterprise_va_max | * |
The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| loadbalancer | enterprise_va_max | * |
Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| loadbalancer | enterprise_va_max | * |