Vulnerabilities > Cybelesoft > Thinfinity Virtualui > 2.5.26.2

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2021-46354 Exposure of Resource to Wrong Sphere vulnerability in Cybelesoft Thinfinity Virtualui 2.1.28.0/2.1.32.1/2.5.26.2
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site.
network
low complexity
cybelesoft CWE-668
5.0
5.0
2021-12-16 CVE-2021-45092 Unspecified vulnerability in Cybelesoft Thinfinity Virtualui
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.
network
low complexity
cybelesoft
7.5
7.5
2021-12-13 CVE-2021-44848 Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.
network
low complexity
cybelesoft CWE-203
5.0
5.0