Vulnerabilities > XEN Orchestra

DATE CVE VULNERABILITY TITLE RISK
2021-07-12 CVE-2021-36383 Unspecified vulnerability in Xen-Orchestra Xo-Server and Xo-Web
Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin.
network
low complexity
xen-orchestra
4.3