portal vulnerabilities and exploits

NA
CVE-2019-5586

Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting (XSS) attack via multiple parameters of the error page HTTP request....

NA
CVE-2019-5588

Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting (XSS) attack via multiple parameters of the error page HTTP request....

7.5
CVSSv2
CVE-2018-17181

An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php....

5
CVSSv2
CVE-2018-17180

An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php....

4.3
CVSSv2
CVE-2019-5939

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'....

3.5
CVSSv2
CVE-2019-5932

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'....

NA
CVE-2019-12095

Horde Webmail is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the Trean Bookmarks. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform...

NA
CVE-2019-12094

Horde Webmail version 5.2.22 suffers from code execution, cross-site request forgery, cross-site scripting, and remote SQL injection vulnerabilities....

2.7
CVSSv2
CVE-2019-0886

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'....

9.3
CVSSv2
CVE-2019-0885

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'....