16 matches found
EUVD-2020-21319
Malware in sbrugna...
EUVD-2020-21318
Malware in sbrugna...
CVE-2020-28931
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website...
CVE-2020-28929
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI...
CVE-2020-28930
A Cross-Site Scripting XSS issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 21.0.11 allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator...
CVE-2020-28931
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website...
CVE-2020-28931
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website...
CVE-2020-28930
A Cross-Site Scripting XSS issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 21.0.11 allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator...
CVE-2020-28929
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI...
Integer overflow
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI...
Cross site scripting
A Cross-Site Scripting XSS issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 21.0.11 allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator...
CVE-2020-28930
CVE-2020-28930 is an XSS flaw in EPSON EPS TSE Server 8 (21.0.11) affecting the settings/users.php “update user” and “delete user” paths. An authenticated attacker can inject JavaScript on the user management page that is executed by an administrator. The CVSSv3.1 base score is 5.4 (AV:N/AC:L/PR:...
CVE-2020-28930
A Cross-Site Scripting XSS issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 21.0.11 allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator...
CVE-2020-28929
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI...
CVE-2020-28929
Technical details about CVE-2020-28929 are not publicly provided in the supplied documents; monitor for updates from sources to determine affected products, impact, and fixes.
EPSON EPS TSE Server Cross-Site Scripting Vulnerability
EPSON EPS TSE Server is a server from EPSON Japan. A cross-site scripting vulnerability exists in EPSON EPS TSE Server 8 that stems from a cross-site scripting XSS issue with the update user and delete user functions in settings users.php, which could be exploited by authenticated attackers to...