Vulnerabilities > Planetestream > Planet Estream > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-25 | CVE-2022-45894 | Path Traversal vulnerability in Planetestream Planet Estream. GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. | 6.5 |
2022-12-25 | CVE-2022-45895 | Exposure of Resource to Wrong Sphere vulnerability in Planetestream Planet Estream. Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure). | 6.5 |
2022-12-25 | CVE-2022-45890 | Cross-site Scripting vulnerability in Planetestream Planet Estream. In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter). | 6.1 |
2022-12-25 | CVE-2022-45892 | Cross-site Scripting vulnerability in Planetestream Planet Estream. In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username. | 5.4 |