98 matches found
CVE-2022-35135
Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/...
Design/Logic Flaw
Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/...
Cross-site scripting
Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting XSS vulnerability...
Design/Logic Flaw
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...
SQL injection
SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive...
CVE-2022-34020
Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...
Cross-site request forgery (CSRF)
Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...
CVE-2022-35136
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...
Boodskap IoT Platform Access Control Error Vulnerability
Boodskap IoT Platform is an IoT platform from Boodskap. A security vulnerability exists in Boodskap IoT Platform version v4.4.9-02, which can be exploited by an attacker to issue unauthenticated API requests...
PT-2022-21972 · Unknown · Resiot Iot Platform +1
Name of the Vulnerable Software and Affected Versions: ResIOT IOT Platform + LoRaWAN Network Server versions through 4.1.1000114 Description: The issue concerns multiple Cross Site Scripting XSS vulnerabilities. These vulnerabilities can be exploited via the form fields. Recommendations: For...
CVE-2022-34022
SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive...
CVE-2022-35134
The CVE-2022-35134 case concerns Boodskap IoT Platform v4.4.9-02, with a cross-site scripting (XSS) vulnerability in the web application. The connected documents identify the affected product/version and attribute the root cause to insufficient input validation and output cleanup across multiple ...
PT-2022-22594 · Unknown · Boodskap Iot Platform
Name of the Vulnerable Software and Affected Versions: Boodskap IoT Platform version 4.4.9-02 Description: The issue allows attackers to make unauthenticated API requests. Recommendations: For Boodskap IoT Platform version 4.4.9-02, consider restricting access to API endpoints to prevent...
CVE-2022-35136
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...
CVE-2022-35136
CVE-2022-35136 affects Boodskap IoT Platform v4.4.9-02. The issue allows attackers to make unauthenticated API requests, with the CVSS 3.1 vector indicating network access, low attack complexity, and a low privileges requirement, but high integrity impact (I:H). Public references identify /api en...
PT-2022-22592 · Unknown · Boodskap Iot Platform
Name of the Vulnerable Software and Affected Versions: Boodskap IoT Platform version 4.4.9-02 Description: The issue is related to a cross-site scripting XSS vulnerability. Cross-site scripting is a type of security vulnerability that occurs when an attacker is able to inject malicious scripts in...
CVE-2022-35134
Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting XSS vulnerability...
CVE-2022-35135
Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/...
CVE-2022-34020
Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...
PT-2022-21971 · Unknown · Resiot Iot Platform +1
Name of the Vulnerable Software and Affected Versions: ResIOT IOT Platform + LoRaWAN Network Server versions through 4.1.1000114 Description: A Cross Site Request Forgery CSRF issue allows attackers to add new admin users to the platform or cause other unspecified impacts. This can be achieved by...