Archive for March 2016

Full Disclosure – Veeam Backup Enterprise Manager Service v9

Vendor: Veeam Product: Veeam Backup Enterprise Manager Service v9.0.0.902 Type of vulnerability: Multiple, persistent Cross Site Scripting CVSS: 4.1 (AV:A/AC:L/Au:S/C:P/I:P/A:N) CVE: requested Exploit-DB OSVDB: Discovered by: GoSecure! Date of discovery: 16 september 2016 First contact with vendor: 18  september 2016 – Case Id: 01702458 Patching date: 24 march 2016 Full Disclosure: 25 march 2016 Details: A cross site scripting web vulnerability has been… (read more)