Vulnerabilities > Allen Disk Project > Medium
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2017-05-31 | CVE-2017-9307 | Server-Side Request Forgery (SSRF) vulnerability in Allen Disk Project Allen Disk 1.6 | SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | 6.5 |
| 2017-05-28 | CVE-2017-9249 | Cross-site Scripting vulnerability in Allen Disk Project Allen Disk 1.6 | Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. | 5.4 |
| 2017-05-08 | CVE-2017-8848 | Cross-Site Request Forgery (CSRF) vulnerability in Allen Disk Project Allen Disk 1.6 | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | 6.5 |
| 2017-05-08 | CVE-2017-8832 | Cross-site Scripting vulnerability in Allen Disk Project Allen Disk 1.6 | Allen Disk 1.6 has XSS in the id parameter to downfile.php. | 6.1 |