4 matches found
CVE-2020-28930
A Cross-Site Scripting XSS issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 21.0.11 allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator...
CVE-2020-28929
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI...
EPSON EPS TSE Server Authorization Issues Vulnerability
EPSON EPS TSE Server is a server from EPSON Japan. EPSON EPS TSE Server 8 suffers from an authorization issue vulnerability that arises from unrestricted access to the logdownloader function allowing an unauthenticated attacker to remotely retrieve management hash certificates via maintenance...
EPSON EPS TSE Server Cross-Site Request Forgery Vulnerability
EPSON EPS TSE Server is a server from EPSON Japan. EPSON EPS TSE Server 8 suffers from a cross-site request forgery vulnerability that stems from a lack of anti-csrf tokens throughout the administration interface, allowing an unauthenticated attacker to exploit the vulnerability by visiting a...