LabKey Server 漏洞列表
共找到 6 个与 LabKey Server 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2019-3911: LabKey Server Community Edition <18.3.0 - Cross-Site Scripting POC
LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript. -
CVE-2019-3912: LabKey Server Community Edition <18.3.0 - Open Redirect POC
LabKey Server Community Edition before 18.3.0-61806.763 contains an open redirect vulnerability via the /__r1/ returnURL parameter, which allows an attacker to redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2019-9757: LabKey Server 19.1.0 - XML External Entity (XXE) POC
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. -
CVE-2019-3911: LabKey Server Community Edition <18.3.0 - Cross-Site Scripting POC
LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript. -
CVE-2019-3912: LabKey Server Community Edition <18.3.0 - Open Redirect POC
LabKey Server Community Edition before 18.3.0-61806.763 contains an open redirect vulnerability via the /__r1/ returnURL parameter, which allows an attacker to redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2019-9757: LabKey Server 19.1.0 - XML External Entity (XXE) POC
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.