Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
administrator vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-19757
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions before 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially craf...
Lenovo Xclarity Administrator
7.2
CVSSv3
CVE-2020-10963
FrozenNode Laravel-Administrator up to and including 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is disconti...
Frozennode Laravel-administrator
1 Github repository
5.9
CVSSv3
CVE-2019-6158
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.
Lenovo Xclarity Administrator
4.8
CVSSv3
CVE-2019-6180
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions before 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaSc...
Lenovo Xclarity Administrator
7.5
CVSSv3
CVE-2019-6193
An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions before 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.
Lenovo Xclarity Administrator
6.1
CVSSv3
CVE-2019-6181
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions before 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed ...
Lenovo Xclarity Administrator
4.9
CVSSv3
CVE-2019-6182
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions before 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. T...
Lenovo Xclarity Administrator
5.5
CVSSv3
CVE-2019-6194
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions before 2.6.6 that could allow information disclosure.
Lenovo Xclarity Administrator
4.9
CVSSv3
CVE-2020-8355
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if t...
Lenovo Xclarity Administrator
8.8
CVSSv3
CVE-2018-9066
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.
Lenovo Xclarity Administrator
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »