34 matches found
CVE-2021-41542
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The User Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code whi...
CVE-2020-7574
A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject...
CVE-2020-7575
A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitra...
EUVD-2021-28561
Malicious code in bioql PyPI...
EUVD-2021-28560
Malicious code in bioql PyPI...
EUVD-2021-28559
Malicious code in bioql PyPI...
EUVD-2021-27544
Malicious code in bioql PyPI...
CVE-2021-41541
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The Group Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code...
CVE-2021-41542
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The User Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code whi...
CVE-2021-41541
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The Group Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code...
CVE-2021-41543
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access...
CVE-2021-41541
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The Group Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code...
CVE-2021-41542
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The User Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code whi...
Information disclosure
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access...
Cross site scripting
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The User Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code whi...
CVE-2021-41543
The CVE-2021-41543 vulnerability affects Siemens Climatix POL909 (AWB and AWM modules). It is an information disclosure in the web application’s handling of log files, allowing logged-in users to access sensitive files. Affected products: POL909 AWB and POL909 AWM modules; versions prior to 11.34...
CVE-2021-41541
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The Group Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code...
CVE-2021-41541
CVE-2021-41541 affects Siemens Climatix POL909: AWB and AWM web modules. The Group Management page is vulnerable to cross-site scripting (XSS) on all versions prior to V11.44 (AWB) and V11.36 (AWM). Exploitation could allow an attacker to inject JavaScript to hijack cookies/session tokens, redire...
Climatix POL909跨站脚本漏洞
Siemens Climatix AWB Advanced Web and BACnet Module, POL909 enables users of the Climatix 600 solution to connect to a BACnet IP network and to implement and load customer web pages and features.Siemens Climatix AWM Advanced Web Module, POL909 enables users of the Climatix 600 solution to impleme...
Siemens Climatix POL909
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Climatix POL909 AWB and AWM modules Vulnerabilities: Cross-site Scripting, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...