3731 matches found
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097401)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097500)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097203)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3096906)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097302)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097104)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...
Advantech WISE-DeviceOn Server Hard-Coded Encryption Key Vulnerability
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a hard-coded encryption key vulnerability that can be exploited by an attacker to impersonate an arbitrary account...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097699)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...
Advantech iView SQL Injection Vulnerability
Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from improper SNMP v1 trap request cleanup, which can be exploited by attackers to obta...
CVE-2025-34261
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...
CVE-2025-34263
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...
CVE-2025-34264
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in the settings array and...
CVE-2025-34266
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...
CVE-2025-34256
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...
CVE-2025-34259
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...
CVE-2025-34257
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the definedname value is stored and later rendered in the Overview page without HTML sanitization. An...
CVE-2025-34260
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...
CVE-2025-13373
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap Port 162 requests, which could allow an attacker to inject SQL commands...
CVE-2025-34265
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...