Vulnerabilities > Terra Master > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-27 CVE-2018-13361 Improper Input Validation vulnerability in Terra-Master Terramaster Operating System 3.1.03
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.
network
low complexity
terra-master CWE-20
5.0
2018-11-27 CVE-2018-13360 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
4.3
2018-11-27 CVE-2018-13359 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
6.8
2018-11-27 CVE-2018-13355 Incorrect Permission Assignment for Critical Resource vulnerability in Terra-Master Terramaster Operating System 3.1.03
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.
network
low complexity
terra-master CWE-732
4.0
2018-11-27 CVE-2018-13352 Information Exposure vulnerability in Terra-Master Terramaster Operating System 3.1.03
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
network
low complexity
terra-master CWE-200
5.0
2018-11-27 CVE-2018-13349 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
4.3
2018-11-27 CVE-2018-13333 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
4.3
2018-11-27 CVE-2018-13332 Path Traversal vulnerability in Terra-Master Terramaster Operating System 3.1.03
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.
network
low complexity
terra-master CWE-22
5.0
2018-11-27 CVE-2018-13331 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
4.3
2018-11-27 CVE-2018-13337 Session Fixation vulnerability in Terra-Master Terramaster Operating System 3.1.03
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.
5.8