Vulnerabilities > Cybelesoft > Thinfinity Virtualui > 2.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-20 | CVE-2021-44554 | Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. | 5.0 |
| 2021-12-16 | CVE-2021-45092 | Unspecified vulnerability in Cybelesoft Thinfinity Virtualui Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. | 7.5 |
| 2021-12-13 | CVE-2021-44848 | Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. | 5.0 |
| 2020-06-04 | CVE-2019-16385 | Cross-site Scripting vulnerability in Cybelesoft Thinfinity Virtualui 2.0/2.5/2.5.17.2 Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. | 4.3 |
| 2020-06-04 | CVE-2019-16384 | Path Traversal vulnerability in Cybelesoft Thinfinity Virtualui 2.0/2.5/2.5.17.2 Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. | 4.0 |