Vulnerabilities > Terra Master > Terramaster Operating System
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-13333 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | 4.3 |
| 2018-11-27 | CVE-2018-13332 | Path Traversal vulnerability in Terra-Master Terramaster Operating System 3.1.03 Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter. | 5.0 |
| 2018-11-27 | CVE-2018-13331 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | 4.3 |
| 2018-11-27 | CVE-2018-13330 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | 9.0 |
| 2018-11-27 | CVE-2018-13337 | Session Fixation vulnerability in Terra-Master Terramaster Operating System 3.1.03 Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript. | 5.8 |
| 2018-11-27 | CVE-2018-13334 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | 4.3 |
| 2018-11-27 | CVE-2018-13329 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | 4.3 |
| 2017-09-15 | CVE-2017-9328 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | 10.0 |