CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

CVE-2020-7574

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject...