← Back

Oneshield Policy

oneshield_policy

Vendor: Oneshield • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-11643
1Oneshield
1Oneshield Policy
Nov 21, 2024
May 8, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to t...Show more
Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data store. This can be exploited remotely by both authenticated and unauthenticated users.Show less
CVE-2019-11642
1Oneshield
1Oneshield Policy
Nov 21, 2024
May 8, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or f...Show more
A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging console. This is predicated on the debugging console and Java Bean being made available to the deployed application.Show less