Vulnerabilities > Leostream
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2021-41550 | Unrestricted Upload of File with Dangerous Type vulnerability in Leostream Connection Broker 9.0.40.17 Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code. | 6.5 |
| 2022-01-18 | CVE-2021-41551 | Link Following vulnerability in Leostream Connection Broker 9.0.40.17 Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link. | 4.0 |
| 2021-08-06 | CVE-2021-38157 | Cross-site Scripting vulnerability in Leostream Connection Broker 9.0.10/9.0.3/9.0.34 LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. | 6.1 |
| 2020-10-06 | CVE-2020-26574 | Cross-site Scripting vulnerability in Leostream Connection Broker Leostream Connection Broker 8.2.x is affected by stored XSS. | 9.6 |
| 2018-10-30 | CVE-2018-18817 | Unspecified vulnerability in Leostream Agent and Connection Broker The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. | 5.0 |