Security Advisories

Vulnerabilities identified by Horizon during security assessments and research activities

Multiple XSS and CSRF in TIBCO ActiveMatrix - CVE-2019-8991, CVE-2019-11203

Horizon Security identified multiple XSS and CSRF vulnerabilities in the administrative interface, REST API, workspace client and openspace client of ActiveMatrix BPM. These vulnerabilities may allow an attacker to execute JavaScript code in the user's browser and to trick authenticated users of the web application into executing actions of the attacker's choosing.

Tuesday, 21 May 2019 - Author: Horizon Security Staff

XSS in Aruba Instant - CVE-2018-7064

Horizon Security identified an XSS vulnerability in the web interface widget of Aruba Instant, which allows an attacker to execute JavaScript code in the user's browser within the context of the web application.

Thursday, 28 February 2019 - Author: Horizon Security Staff

Xerox AltaLink Printer - Remote code execution - CVE-2018-17172

Horizon Security discovered a command injection that leads to remote code execution in Xerox's AltaLink printers.

Monday, 28 January 2019 - Author: Horizon Security Staff