3 matches found
Computrols CBAS-Web 19.0.0 Cross Site Scripting
Computrols CBAS-Web Unauthenticated Reflected XSS Affected versions: 19.0.0 and below CVE: CVE-2019-10846 Advisory: https://applied-risk.com/resources/ar-2019-009 Paper: https://applied-risk.com/resources/i-own-your-building-management-system Discovered by Gjoko 'LiquidWorm' Krstic -- POST...
Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting
Exploit Title: Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version:...
CVE-2019-10846
CVE-2019-10846 affects Computrols CBAS Web (versions prior to fixed 19.0.1/18.0.1 etc.). It describes an Unauthenticated Reflected Cross-Site Scripting vulnerability in the login and password-reset pages via the username GET parameter. Impact per sources is client-side script execution in a user’...