15 matches found
EUVD-2022-27951
Malicious code in bioql PyPI...
EUVD-2022-27950
Malicious code in bioql PyPI...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
CVE-2022-22807
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
Design/Logic Flaw
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
Cross-site request forgery (CSRF)
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
EcoStruxure EV Charging Expert Security Vulnerability
EcoStruxure EV Charging Expert is an electric vehicle charging infrastructure load management, access management and supervision solution from Schneider Electric, France. A security vulnerability exists in EcoStruxure EV Charging Expert, which stems from CWE-1021 An improper restriction in the...
CVE-2022-22807
The CVE-2022-22807 entry applies to EcoStruxure EV Charging Expert (pre-SP8 V4.0.0.13). Root cause: CWE-1021 Improper Restriction of Rendered UI Layers or Frames, enabling an attacker to influence the product by deceiving users to interact with an iframe-rendered web interface. Impact: potential ...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
CVE-2022-22807
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...
Schneider Electric EcoStruxure EV Charging Expert Cross-Site Request Forgery Vulnerability
Schneider Electric EcoStruxure EV Charging Expert is an electric vehicle charging infrastructure load management, access management, and supervision solution from Schneider Electric France. Schneider Electric EcoStruxure EV Charging Expert suffers from a cross-site request forgery vulnerability...
CVE-2022-22808
Schneider Electric EcoStruxure EV Charging Expert (formerly EVlink Load Management System) is affected by a CSRF vulnerability (CVE-2022-22808) in versions prior to V4.0.0.13. The issue enables a remote attacker to gain unauthorized access by bypassing same-origin policy protections through cross...