xigla 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk sql injection and vendor risk cross-site scripting などに関し、一部は vendor impact unexpected behavior を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-6864 | Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | [email protected] | 7.5 | 2.51% | 2009-07-14 | 2026-06-16 |
| CVE-2008-6863 | Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | [email protected] | 7.5 | 2.51% | 2009-07-14 | 2026-06-16 |
| CVE-2008-6862 | Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | [email protected] | 7.5 | 2.51% | 2009-07-14 | 2026-06-16 |
| CVE-2008-6861 | Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | [email protected] | 7.5 | 2.51% | 2009-07-14 | 2026-06-16 |
| CVE-2008-6860 | Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | [email protected] | 7.5 | 2.52% | 2009-07-14 | 2026-06-16 |
| CVE-2008-6859 | Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | [email protected] | 7.5 | 2.51% | 2009-07-14 | 2026-06-16 |
| CVE-2008-6858 | Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | [email protected] | 7.5 | 2.51% | 2009-07-14 | 2026-06-16 |
| CVE-2008-6857 | Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | [email protected] | 7.5 | 2.59% | 2009-07-14 | 2026-06-16 |
| CVE-2008-6856 | Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | [email protected] | 7.5 | 2.54% | 2009-07-14 | 2026-06-16 |
| CVE-2008-6855 | Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie. | [email protected] | 7.5 | 2.51% | 2009-07-14 | 2026-06-16 |
| CVE-2008-6854 | Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | [email protected] | 7.5 | 2.54% | 2009-07-14 | 2026-06-16 |
| CVE-2009-1504 | Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1." | [email protected] | 7.5 | 2.43% | 2009-05-01 | 2026-06-16 |
| CVE-2008-4569 | SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter. | [email protected] | 7.5 | 0.97% | 2008-10-15 | 2026-06-16 |
| CVE-2008-2768 | Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields"). | [email protected] | 3.5 | 0.89% | 2008-06-18 | 2026-06-16 |
| CVE-2008-2767 | SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter. | [email protected] | 6.5 | 0.99% | 2008-06-18 | 2026-06-16 |
| CVE-2008-2766 | Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp. | [email protected] | 4.3 | 1.10% | 2008-06-18 | 2026-06-16 |
| CVE-2008-2765 | SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. | [email protected] | 7.5 | 1.19% | 2008-06-18 | 2026-06-16 |
| CVE-2008-2764 | Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields"). | [email protected] | 3.5 | 0.89% | 2008-06-18 | 2026-06-16 |
| CVE-2008-2763 | SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | [email protected] | 6.5 | 0.99% | 2008-06-18 | 2026-06-16 |
| CVE-2008-2762 | SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | [email protected] | 6.5 | 0.99% | 2008-06-18 | 2026-06-16 |