67 matches found
Cross-site Scripting (XSS) - Reflected in emoncms/emoncms
Description EmonCMS 10.9.19 has 2 reflected XSS vulnerabilities: 1 - one that is executed when a user tries to generate a new app whose name contains JavaScript code. The vulnerability leverages the default option of displayerrors within the processsettings.php file which produces unsanitized erro...
Cross-Site Request Forgery (CSRF) in emoncms/dashboard
💥 BUG CSRF bug to change schedule to public 💥 STEP TO REPRODUCE 1. First log in to your account and open the link http://localhost/emoncms/schedule/set.json?id=1&fields=%22public%22:true and your schedule will be changed from private to public. 💥 IMPACT Any attacker can send that link to victim...
Cross-Site Request Forgery (CSRF) in emoncms/dashboard
💥 BUG CSRF bug to regenerate api-key 💥 STEP TO REPRODUCE 1. First log in to your account and open the link http://localhost/emoncms/user/newapikeywrite.json and a new api key will be generated. 💥 IMPACT Any attacker can send that link to victim and when victim opens the link then api-key will be...
Cross-Site Request Forgery (CSRF) in emoncms/dashboard
💥 BUG CSRF bug to change email 💥 STEP TO REPRODUCE 1. First log in to your account and open the link http://localhost/emoncms/user/changeemail.json?&email=admin%40localhost.combm and your email will be changed. 💥 IMPACT Any attacker can send that link to victim and when victim opens the link the...
Cross-Site Request Forgery (CSRF) in emoncms/emoncms
✍️ Description When you don't set the SameSite attribute of cookies, the browsers have a special act in front of this issue. I mean they set a default value on it: Chrome and Chromium-based browsers set the attribute "Lax", that means if you do an add/delete/alter operation in a GET HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in emoncms/emoncms
✍️ Description In a CSRF attack, if your users go to the attacker's website and click the malicious link, then they are able to steal the user's cookie, submit unwanted data, .... 🕵️♂️ Proof of Concept 1. You log in to your account 2. You make a file containing the following HTML file. 3. Open HTML as victim site...
Cross-Site Request Forgery (CSRF) in emoncms/emoncms
✍️ Description In a CSRF attack, if your users go to the attacker's website and click the malicious link, then they are able to steal the user's cookie, submit unwanted data, .... 🕵️♂️ Proof of Concept 1. You log in to your account 2. You make a file containing the following HTML file. 3. Open HTML as victim site...
Emoncms Cross-Site Scripting Vulnerability (CNVD-2021-13224)
Emoncms is an open source web application for processing, recording and visualizing energy, temperature and other environmental data. A cross-site scripting vulnerability exists in Modules/input/Views/schedule.php in Emoncms 10.2.7 and earlier versions. An attacker can exploit this vulnerability...
CVE-2021-26716
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter...
CVE-2021-26716
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter...
Input validation
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter...
CVE-2021-26716
EMONCMS CVE-2021-26716 affects Modules/input/Views/schedule.php in Emoncms through 10.2.7, enabling cross-site scripting via the node parameter. The data from connected sources confirms the vulnerable component and version scope (10.2.7 and earlier) and the input parameter that can be exploited. ...
CVE-2021-26716
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter...
Emoncms Cross-Site Scripting Vulnerability
Emoncms is an open source web application for processing, recording and visualizing energy, temperature and other environmental data. A cross-site scripting vulnerability exists in Modules/input/Views/schedule.php in Emoncms 10.2.7 and earlier versions. An attacker can exploit this vulnerability...
Emoncms Cross-Site Scripting Vulnerability (CNVD-2019-22862)
Emoncms is an open source web application. The program is primarily used to process, record and display energy, temperature and other environmental data. A cross-site scripting vulnerability exists in Emoncms version 9.8.8. The vulnerability stems from the WEB application's lack of proper...
CVE-2019-1010008
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting XSS. The impact is: Theoretically low, but might potentially enable persistent XSS user could embed mal. code. The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...
CVE-2019-1010008
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting XSS. The impact is: Theoretically low, but might potentially enable persistent XSS user could embed mal. code. The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...
Cross site scripting
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting XSS. The impact is: Theoretically low, but might potentially enable persistent XSS user could embed mal. code. The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...
CVE-2019-1010008
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by a Cross Site Scripting (XSS) vulnerability. The issue involves JavaScript code execution in the fields Name, Location, Bio, and Starting Page on the My Account page, via Lib/listjs/list.js (line 67). The attack vector is listed as unknown, wi...
CVE-2019-1010008
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting XSS. The impact is: Theoretically low, but might potentially enable persistent XSS user could embed mal. code. The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...