MidnightBSD

Advisories for unitedplanet

CVE-2014-2025 HIGH

Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
unitedplanet intrexx 6.0
unitedplanet intrexx 5.2
CVE-2014-2026 MEDIUM

Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
unitedplanet intrexx 6.0
unitedplanet intrexx *
CVE-2020-24188 MEDIUM

Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
unitedplanet intrexx *