Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25311 | 1 Kostasmitroglou | 1 Thesystem | 2026-03-12 | N/A | 6.4 MEDIUM |
| thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers. | |||||
| CVE-2019-25441 | 1 Kostasmitroglou | 1 Thesystem | 2026-03-12 | N/A | 9.8 CRITICAL |
| thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication. | |||||