Vulnerabilities > Xigla > Absolute Control Panel XE

DATE CVE VULNERABILITY TITLE RISK
2009-07-14 CVE-2008-6859 Improper Authentication vulnerability in Xigla Absolute Control Panel XE 1.5
Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
network
low complexity
xigla CWE-287
7.5
7.5
2009-05-01 CVE-2009-1504 Improper Authentication vulnerability in Xigla Absolute Control Panel XE 1.5
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."
network
low complexity
xigla CWE-287
7.5
7.5
2008-06-18 CVE-2008-2756 Cross-Site Scripting vulnerability in Xigla Absolute Control Panel XE 1.0
Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters.
network
xigla CWE-79
4.3
4.3