Dialogic Powermedia Xms — known CVE vulnerabilities
Every CVE whose affected-product data names Dialogic Powermedia Xms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2018-11635 — CVSS 9.8 (critical): Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the…
CVE-2018-11641 — CVSS 9.8 (critical): Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia…
CVE-2018-11640 — CVSS 9.1 (critical): XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read…
CVE-2018-11636 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote…
CVE-2018-11643 — CVSS 8.8 (high): SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to…
CVE-2018-11639 — CVSS 8.1 (high): Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in…
CVE-2018-11634 — CVSS 7.8 (high): Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web…
CVE-2018-11642 — CVSS 7.8 (high): Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows…
CVE-2018-11637 — CVSS 7.5 (high): Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read…
CVE-2018-11638 — CVSS 7.2 (high): Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote…