Tobesoft Co Ltd Xplatform vulnerabilities
2 known vulnerabilities affecting tobesoft_co_ltd/xplatform.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2021-26626P3HIGHCVSS 8.8≥ unspecified, < 9.2.2.2802022-04-19
CVE-2021-26626 [HIGH] CWE-20 CVE-2021-26626: Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrar
Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability
nvd
CVE-2021-26629P3HIGHCVSS 8.8≥ unspecified, ≤ 9.2.2.2802022-04-26
CVE-2021-26629 [HIGH] CWE-22 CVE-2021-26629: A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’.
nvd