Parallels H-Sphere vulnerabilities
3 known vulnerabilities affecting parallels/h-sphere.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-30777P2MEDIUMCVSS 6.1ExploitedPoCv3.6.22022-05-16
CVE-2022-30777 [MEDIUM] CWE-79 CVE-2022-30777: Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
nvd
CVE-2008-6465P4MEDIUMCVSS 4.3PoCv3.0.0v3.12009-03-13
CVE-2008-6465 [MEDIUM] CWE-79 CVE-2008-6465: Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere
Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.
nvd
CVE-2012-5004P4MEDIUMCVSS 6.8v3.32012-09-19
CVE-2012-5004 [MEDIUM] CWE-352 CVE-2012-5004: Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow r
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html.
nvd