| Date | CVE | Vulnerability title | Description | Attributes | Risk |
|---|---|---|---|---|---|
| 2018-11-27 | CVE-2018-13333 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 | Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | | 4.3 |
| 2018-11-27 | CVE-2018-13332 | Path Traversal vulnerability in Terra-Master Terramaster Operating System 3.1.03 | Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter. | network, low complexity, terra-master, CWE-22 | 5.0 |
| 2018-11-27 | CVE-2018-13331 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 | Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | | 4.3 |
| 2018-11-27 | CVE-2018-13330 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 | System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | network, low complexity, terra-master, CWE-78 | critical 9.0 |
| 2018-11-27 | CVE-2018-13337 | Session Fixation vulnerability in Terra-Master Terramaster Operating System 3.1.03 | Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript. | | 5.8 |
| 2018-11-27 | CVE-2018-13334 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 | Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | | 4.3 |
| 2018-11-27 | CVE-2018-13329 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 | Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | | 4.3 |