Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5
CVE-2017-7589
- EPSS 0.27%
- Veröffentlicht 09.04.2017 01:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related ...
6.1
CVE-2017-7590
- EPSS 0.27%
- Veröffentlicht 09.04.2017 01:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.
6.1
CVE-2017-7591
- EPSS 0.23%
- Veröffentlicht 09.04.2017 01:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/.
1