Eduard Agavriloae - Security Researcher - Exploit Intelligence Platform

CVE-2023-51946 WRITEUP MEDIUM WRITEUP

actiNAS-SL-2U-8 RDX Firmware 3.2.03-SP1 - Reflected Cross-Site Scripting in nasSvr.php

Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.

CVSS 6.1

View Code

CVE-2023-51947 WRITEUP CRITICAL WRITEUP

actiNAS SL 2U-8 RDX 3.2.03-SP1 - Info Disclosure

Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.

CVSS 9.1

View Code

CVE-2023-51948 WRITEUP HIGH WRITEUP

actiNAS SL 2U-8 RDX 3.2.03-SP1 - Info Disclosure

A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.

CVSS 7.5

View Code