2 matches found
CVE-2026-29513
CVE-2026-29513 describes a stored XSS in Hereta ETH-IMC408M firmware ≤1.0.15. An authenticated attacker can inject JavaScript through the Device Location field via the System Status interface, with scripts executing in browsers of users viewing the status page. The CVSS 4.0 metrics indicate Netwo...
CVE-2026-29520 Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...