Search
Search Results (3 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41083 | 1 Altitude | 1 Communication Server | 2026-01-27 | N/A |
| Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious website. This behavior can be used to redirect clients to endpoints controlled by the attacker. | ||||
| CVE-2025-41082 | 1 Altitude | 1 Communication Server | 2026-01-27 | N/A |
| Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass. | ||||
| CVE-2014-9212 | 1 Altitude | 1 Altitude Unified Customer Interaction | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section. | ||||
Page 1 of 1.