Konzept-Ix: >> Publixone Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-10-27
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-10-27
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-10-27
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-10-27
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-10-27