Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-29510

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-29520

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...

6.1CVSS5.9AI score0.00155EPSS
Exploits0References1
NVD
NVD
added 2026/03/16 6:16 p.m.6 views

CVE-2026-29513

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...

5.4CVSS0.00138EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 6:16 p.m.4 views

CVE-2026-29520

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...

6.1CVSS0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 4:55 p.m.27 views

CVE-2026-29520 Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...

6.1CVSS0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 4:55 p.m.15 views

CVE-2026-29520

The CVE-2026-29520 affects Hereta ETH-IMC408M firmware 1.0.15 and earlier. It is a reflected XSS in the Network Diagnosis ping function via the ping_ipaddr parameter, allowing an attacker to execute arbitrary JavaScript and potentially compromise an authenticated administrator session. CVSS 4.0 b...

6.1CVSS5.9AI score0.00155EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.9 views

Hereta ETH-IMC408M 跨站请求伪造漏洞

The Hereta ETH-IMC408M is an Ethernet switch device produced by the Hereta company in the United States. Versions of Hereta ETH-IMC408M prior to 1.0.15 contained a cross-site request forgery vulnerability. This vulnerability stemmed from a lack of cross-site request forgery protection in the...

5.1CVSS5.7AI score0.0011EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Hereta ETH-IMC408M 跨站脚本漏洞

The Hereta ETH-IMC408M is an Ethernet switch device produced by the Hereta company in the United States. Versions of Hereta ETH-IMC408M prior to 1.0.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the Device Location field, which could lead ...

5.4CVSS5.6AI score0.00138EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25783

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping ipaddr parameter ...

5.1CVSS5.9AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.11 views

PT-2026-25782

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...

5.1CVSS5.8AI score0.00138EPSS
Exploits0References2
Rows per page
Query Builder