Sandline: Security Vulnerabilities
Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-11-18
Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-11-18
Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-11-18