Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49574 | 1 Flexense | 1 Vx Search | 2025-03-04 | N/A | 7.1 HIGH |
| A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads. | |||||
| CVE-2023-49575 | 1 Flexense | 1 Vx Search | 2025-03-04 | N/A | 7.1 HIGH |
| A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads. | |||||
| CVE-2023-49572 | 1 Flexense | 1 Vx Search | 2025-03-04 | N/A | 7.1 HIGH |
| A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads. | |||||
| CVE-2023-49573 | 1 Flexense | 1 Vx Search | 2025-03-04 | N/A | 7.1 HIGH |
| A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads. | |||||
| CVE-2018-10567 | 1 Flexense | 1 Vx Search | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. | |||||
| CVE-2017-15662 | 1 Flexense | 1 Vx Search | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123. | |||||
| CVE-2017-15220 | 1 Flexense | 1 Vx Search | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code. | |||||