Vulnerabilities > Lenovo > Xclarity Administrator > 2.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-14 | CVE-2019-19757 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. | 5.4 |
| 2019-09-03 | CVE-2019-6182 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenovo Xclarity Administrator A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. | 4.9 |
| 2019-09-03 | CVE-2019-6181 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. | 6.1 |
| 2019-09-03 | CVE-2019-6180 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. | 4.8 |
| 2019-09-03 | CVE-2019-6179 | XXE vulnerability in Lenovo Xclarity Administrator and Xclarity Integrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | 7.5 |
| 2019-05-03 | CVE-2019-6158 | Information Exposure Through Log Files vulnerability in Lenovo Xclarity Administrator An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. | 5.9 |