Web Interface Security Vulnerabilities

CVE-2024-20258

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

6.1 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-15 06:15 PM

CVE-2024-20256

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

4.8 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-15 06:15 PM

CVE-2023-42121

Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-05-03 03:15 AM

CVE-2023-42122

Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8 CVSS

8 AI Score

0.001 EPSS

2024-05-03 03:15 AM

CVE-2023-45674

Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information...

7.7 CVSS

6.6 AI Score

0.0005 EPSS

2023-10-14 12:15 AM

CVE-2023-42472

Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an authenticated attacker could...

8.7 CVSS

6.8 AI Score

0.001 EPSS

2023-09-12 02:15 AM

CVE-2023-4333

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by...

5.5 CVSS

5.6 AI Score

0.0004 EPSS

2023-08-15 07:15 PM

CVE-2023-4335

Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4339

Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4340

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log...

9.8 CVSS

9.5 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4328

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2023-08-15 07:15 PM

CVE-2023-4327

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on...

5.5 CVSS

5.4 AI Score

0.0004 EPSS

2023-08-15 07:15 PM

CVE-2023-4336

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4343

Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4344

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4331

Broadcom RAID Controller web interface is vulnerable because it has an insecure default TLS configuration that supports obsolete and vulnerable TLS...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4338

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4342

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security ...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4332

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4334

Broadcom RAID Controller Web server (nginx) is serving private files without any...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4337

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4341

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web...

9.8 CVSS

9.5 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4325

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known...

9.8 CVSS

9.5 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4326

Broadcom RAID Controller web interface is vulnerable because it has an insecure default TLS configuration that supports obsolete SHA1-based...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4323

Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4324

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy ...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-08-15 07:15 PM

CVE-2023-4345

Broadcom RAID Controller web interface is vulnerable: a client-side control bypass leads to unauthorized data access for low privileged...

6.5 CVSS

6.4 AI Score

0.0005 EPSS

2023-08-15 06:15 PM

CVE-2023-33274

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and.....

9.8 CVSS

9.5 AI Score

0.002 EPSS

2023-07-12 09:15 PM

CVE-2023-20119

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the....

6.1 CVSS

6 AI Score

0.001 EPSS

2023-06-28 03:15 PM

CVE-2023-20028

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a...

5.4 CVSS

5.3 AI Score

0.0005 EPSS

2023-06-28 03:15 PM

CVE-2023-20120

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a...

6.1 CVSS

6 AI Score

0.001 EPSS

2023-06-28 03:15 PM

CVE-2023-27520

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that...

6.5 CVSS

6.7 AI Score

0.001 EPSS

2023-04-11 09:15 AM

CVE-2023-23572

Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO...

4.8 CVSS

5.2 AI Score

0.001 EPSS

2023-04-11 09:15 AM

CVE-2023-24724

A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2023-04-03 10:15 PM

CVE-2023-23856

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2023-02-14 04:15 AM

CVE-2023-23614

Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2023-01-26 09:18 PM

CVE-2020-18329

An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, which allows attackers to gain full unauthenticated access to the configuration and service...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2023-01-26 09:15 PM

CVE-2022-46478

The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2023-01-13 01:15 AM

CVE-2023-0125

A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The...

6.1 CVSS

6 AI Score

0.001 EPSS

2023-01-09 09:15 PM

CVE-2022-41433

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component...

4.8 CVSS

5.2 AI Score

0.001 EPSS

2022-11-08 01:15 AM

CVE-2022-41432

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component...

4.8 CVSS

5.2 AI Score

0.001 EPSS

2022-11-08 01:15 AM

CVE-2022-41434

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-11-08 01:15 AM

CVE-2022-20942

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2022-11-04 06:15 PM

CVE-2022-20867

A vulnerability in the web-based management interface of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a...

6.5 CVSS

6.7 AI Score

0.001 EPSS

2022-11-04 06:15 PM

CVE-2022-20868

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this....

8.8 CVSS

8.6 AI Score

0.003 EPSS

2022-11-04 06:15 PM

CVE-2022-41617

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST...

7.2 CVSS

7.4 AI Score

0.003 EPSS

2022-10-19 10:15 PM

CVE-2009-2454

Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.4 AI Score

0.001 EPSS

2022-10-03 04:24 PM

CVE-2014-2850

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address...

7.8 AI Score

0.633 EPSS

2022-10-03 04:20 PM

CVE-2003-1363

The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without...

7.1 AI Score

0.002 EPSS

2022-10-03 04:15 PM

Total number of security vulnerabilities: 168