2 matches found
NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44584)
NeDi Consulting NeDi is an open source software suite from the Swiss company NeDi Consulting that supports the discovery and mapping of network devices. A cross-site scripting vulnerability exists in the 'sanitize' function of the inc/libmisc.php file in NeDi version 1.9C. The...
CVE-2020-14413
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta=...