Filtered by vendor Terra-master
Subscribe
Filtered by product Terramaster Operating System
Subscribe
Search
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13355 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. | |||||
| CVE-2018-13337 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript. | |||||
| CVE-2018-13361 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. | |||||
| CVE-2018-13360 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. | |||||
| CVE-2018-13331 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | |||||
| CVE-2018-13357 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. | |||||
| CVE-2018-13351 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | |||||
| CVE-2018-13349 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. | |||||
| CVE-2018-13335 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | |||||
| CVE-2018-13333 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | |||||
| CVE-2018-13329 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | |||||
| CVE-2018-13334 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | |||||