Vulnerabilities (CVE)

Filtered by vendor Sysax Subscribe

Filtered by product Multi Server

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-23574	1 Sysax	1 Multi Server	2021-07-21	4.0 MEDIUM	6.5 MEDIUM
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfile_name1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash.
CVE-2020-13228	1 Sysax	1 Multi Server	2020-06-15	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
CVE-2020-13227	1 Sysax	1 Multi Server	2020-06-02	5.0 MEDIUM	5.3 MEDIUM
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism.