Xinuos Openserver vulnerabilities
3 known vulnerabilities affecting xinuos/openserver.
Total CVEs: 3
CISA KEV: 0
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2020-25494 [CRITICAL] CVSS 9.8 | CWE-78 | Exploited | PoC | v5.0.7, v6.0 | 2020-12-18
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in the outputform or toclevels parameter to cgi-bin/printbook.
nvd
CVE-2020-25495 [MEDIUM] CVSS 6.1 | CWE-79 | PoC | v5.0.7, v6.0 | 2020-12-18
A reflected cross-site scripting (XSS) vulnerability in Xinuos (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tags via the parameter 'section'.
nvd
CVE-2004-0230 [MEDIUM] CVSS 5.0 | PoC | v5.0.6, v5.0.7 | 2004-08-18
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
nvd