3 matches found
CVE-2018-15820
CVE-2018-15820 affects EasyIO-30P controllers prior to version 2.0.5.27, where the web interface (dev.htm GDN parameter) is vulnerable to stored XSS. The vulnerability enables cross-site scripting within the device’s web UI and is listed with remote-exploit capability; a patch is noted by sources...
EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities
EasyIO 30P versions prior to 2.0.5.27 suffer from authentication bypass and cross site scripting vulnerabilities. EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities INFORMATION Product: EasyIO 30P http://www.easyio.com Affected versions: 2.0.5.27 tested on version 2.0.5.16 CV...
EasyIO 30P Authentication Bypass / Cross Site Scripting
INFORMATION Product: EasyIO 30P http://www.easyio.com Affected versions: 2.0.5.27 tested on version 2.0.5.16 CVE IDs: CVE-2018-15820 Stored XSS and CVE-2018-15819 Authentication bypass Remote-exploit: yes TIMELINE Vendor notification: 3rd August, 2018 Vendor acknowledgment: 22nd August, 2018 Patc...