4 matches found
CVE-2020-28929
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI...
CVE-2020-28930
A Cross-Site Scripting XSS issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 21.0.11 allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator...
EPSON EPS TSE Server Cross-Site Request Forgery Vulnerability
EPSON EPS TSE Server is a server from EPSON Japan. EPSON EPS TSE Server 8 suffers from a cross-site request forgery vulnerability that stems from a lack of anti-csrf tokens throughout the administration interface, allowing an unauthenticated attacker to exploit the vulnerability by visiting a...
EPSON EPS TSE Server Authorization Issues Vulnerability
EPSON EPS TSE Server is a server from EPSON Japan. EPSON EPS TSE Server 8 suffers from an authorization issue vulnerability that arises from unrestricted access to the logdownloader function allowing an unauthenticated attacker to remotely retrieve management hash certificates via maintenance...