Smartfoxserver

3 CVEs • 1 product

Products (1)

CVEs (3)

Vendors: 1 (Smartfoxserver)
Products: 1 (Smartfoxserver)
Updated: Nov 21, 2024
Published: Feb 9, 2021
CVSS: N/A (v4), 8.8 HIGH (v3), 6.0 MEDIUM (v2)
An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.

Vendors: 1 (Smartfoxserver)
Products: 1 (Smartfoxserver)
Updated: Nov 21, 2024
Published: Feb 9, 2021
CVSS: N/A (v4), 5.5 MEDIUM (v3), 2.1 LOW (v2)
An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.

Vendors: 1 (Smartfoxserver)
Products: 1 (Smartfoxserver)
Updated: Nov 21, 2024
Published: Feb 9, 2021
CVSS: N/A (v4), 5.4 MEDIUM (v3), 3.5 LOW (v2)
An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.