Lucene search
K

90 matches found

Packet Storm News
Packet Storm News
added 2025/06/11 12:0 a.m.3 views

Identity and Access Management for the Computing Continuum

The computing continuum introduces new challenges for access control due to its dynamic, distributed, and heterogeneous nature. In this paper, we propose a Zero-Trust ZT access control solution that leverages decentralized identification and authentication mechanisms based on Decentralized...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:8 p.m.8 views

CVE-2020-7480

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists in Andover Continuum All versions, which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data...

9.8CVSS7AI score0.01498EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:8 p.m.7 views

CVE-2020-7481

A CWE-79:Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists Andover Continuum All versions, which could enable a successful Cross-site Scripting XSS attack when using the products' web server...

6.1CVSS6.6AI score0.00773EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:48 a.m.8 views

CVE-2019-6853

A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702 , which could enable a successful Cross-site Scripting XSS attack when using the products web server...

6.1CVSS6.5AI score0.00641EPSS
Exploits0References1
OSV
OSV
added 2022/05/14 2:56 a.m.7 views

GHSA-7382-FV7P-V9V3 Apache Continuum and Archiva vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the...

4.3CVSS5.7AI score0.04198EPSS
Exploits0References15
Github Security Blog
Github Security Blog
added 2022/05/14 2:56 a.m.12 views

Apache Continuum and Archiva vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the...

4.3CVSS6AI score0.04198EPSS
Exploits0References16Affected Software2
vulnersOsv
vulnersOsv
added 2022/05/01 6:24 p.m.4 views

berkano:bean-displaytag (>=20050615.234814 <=20050616.015551), berkano:berkano-util (>=20050725.114415 <=dev-20050723) +28 more potentially affected by CVE-2007-4556 via opensymphony:xwork (>=1.0.3 <=1.2.2)

opensymphony:xwork MAVEN version =1.0.3, =20050615.234814, =20050725.114415, =2.1.5, =1.1.3, =1.0-alpha-1, =1.1-beta-1, =1.1-beta-1, =1.0-beta-2, =1.0-beta-3 - org.codehaus.jet:jet-web-engine =1.0-beta-2 and more Source cves: CVE-2007-4556 Source advisory: OSV:GHSA-H7MF-QRM9-2848...

6.8CVSS5.4AI score0.25749EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2022/04/07 6:1 a.m.7 views

careers.continuum.com.s3.adwisetest.nl Cross Site Scripting vulnerability OBB-2478705

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/08/03 12:0 a.m.5 views

The vulnerability of the building management software (management of access control, security systems, video surveillance, and automation) in Andover Continuum arises from the lack of measures to protect input data. This allows intruders to perform cross-site scripting attacks (XSS).

The vulnerability of the building management software management of access control, security systems, video surveillance, and automation in Andover Continuum is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote attacker to perform cross-si...

6.1CVSS6.1AI score0.00641EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2020/11/04 10:48 a.m.8 views

continuumcarehospiceinc.net Cross Site Scripting vulnerability OBB-1481934

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Openbugbounty
Openbugbounty
added 2020/10/16 5:41 a.m.5 views

continuumcarehospiceinc.net Cross Site Scripting vulnerability OBB-1412500

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/09/30 4:14 p.m.9 views

continuumcarehospiceinc.net Cross Site Scripting vulnerability OBB-1374972

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/04/30 12:0 a.m.6 views

The vulnerability of the building management software (management of access control, security systems, video surveillance, and automation) Andover Continuum System, related to the possibility of interference with XML data processing by the application, allows a intruder to gain access to the files in the application server’s file system.

The vulnerability of the building management software management of access control, security systems, video surveillance, and automation Andover Continuum System is related to the possibility of interference with XML data processing by the application. Exploiting this vulnerability can allow a...

10CVSS7.8AI score0.01498EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/04/30 12:0 a.m.5 views

The vulnerability of the building management software (management of access control, security systems, video surveillance, and automation) Andover Continuum System, related to the lack of protection for website structures, allows attackers to execute cross-site scripting attacks (XSS attacks) during the use of web server applications.

The vulnerability of the building management software management of access control, security systems, video surveillance, and automation in Andover Continuum System is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious act...

6.1CVSS6.4AI score0.00773EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/04/30 12:0 a.m.6 views

The vulnerability of the building management software (management of access control, security systems, video surveillance, and automation) Andover Continuum System, related to the lack of protection for website structures, allows attackers to execute cross-site scripting attacks (XSS attacks) during the use of web server applications.

The vulnerability of the building management software managing access control, security systems, video surveillance, and automation in Andover Continuum System is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to...

6.1CVSS6.4AI score0.00776EPSS
Exploits0References3
CNVD
CNVD
added 2020/03/24 12:0 a.m.3 views

Andover Continuum Cross-Site Scripting Vulnerability

Andover Continuum is a BACnet building management system from Schneider Electric. A reflected cross-site scripting vulnerability exists in Andover Continuum. The vulnerability stems from improper neutralization of inputs during web page generation. An attacker could exploit this vulnerability to...

6.1CVSS6.2AI score0.00776EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/24 12:0 a.m.1 views

Andover Continuum Cross-Site Scripting Vulnerability (CNVD-2020-19526)

Andover Continuum is a BACnet building management system from Schneider Electric. A cross-site scripting vulnerability exists in Andover Continuum. The vulnerability stems from improper neutralization of inputs during web page generation. An attacker could exploit this vulnerability to conduct a...

6.1CVSS6.2AI score0.00773EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/24 12:0 a.m.3 views

Andover Continuum Code Injection Vulnerability

Andover Continuum is a BACnet building management system from Schneider Electric. A code injection vulnerability exists in Andover Continuum. The vulnerability stems from improper control over code generation. An attacker could use this vulnerability to read files on the application server file...

9.8CVSS7.4AI score0.01498EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/24 12:0 a.m.4 views

Schneider Electric Andover Continuum Cross-Site Scripting Vulnerability

Schneider Electric Andover Continuum is a suite of building automation solutions from the French company Schneider Electric. The product includes features such as heating ventilation and air conditioning and access control. A cross-site scripting vulnerability exists in Schneider Electric Andover...

6.1CVSS6.3AI score0.00773EPSS
Exploits0References1
NVD
NVD
added 2020/03/23 8:15 p.m.23 views

CVE-2020-7480

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists in Andover Continuum All versions, which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data...

9.8CVSS9.4AI score0.01498EPSS
Exploits0References1
Rows per page
Query Builder