Vulnerabilities > Leostream > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2021-41551 | Link Following vulnerability in Leostream Connection Broker 9.0.40.17 Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link. | 4.9 |
| 2021-08-06 | CVE-2021-38157 | Cross-site Scripting vulnerability in Leostream Connection Broker 9.0.10/9.0.3/9.0.34 LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. | 6.1 |