Published: 13/08/2015 Updated: 19/06/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the fileName parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xceedium xsuite 2.3.0
xceedium xsuite 2.4.3.0

See also: wwwmodzeroch/advisories/MZ-15-02-Xceedium-Xsuitetxt --------------------------------------------------------------------- modzero Security Advisory: Multiple Vulnerabilities in Xceedium Xsuite [MZ-15-02] --------------------------------------------------------------------- ---------------------------------------------------- ...

Xceedium Xsuite versions 230 and 2430 suffer from command injection, cross site scripting, directory traversal, hard-coded credential, and privilege escalation vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    CA20180614-01: Security Notice for CA Privileged Access Manager   ...

CWE-79 http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt https://www.exploit-db.com/exploits/37708/https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html https://nvd.nist.gov https://www.exploit-db.com/exploits/37708/

CVE-2015-4665

Vulnerability Summary

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect