9 matches found
Cross-site scripting vulnerability in multiple Schneider Electric products (CNVD-2019-34798)
Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. A cross-site scripting vulnerability exists in several Schneider Electric products. An attacker...
CVE-2019-6835
A Cross-Site Scripting XSS CWE-79 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to inject...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF: CWE-918 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could cause server...
Unrestricted file upload
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow a...
CVE-2019-6840
A Format String: CWE-134 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to send a crafted messa...
CVE-2019-6837
A Server-Side Request Forgery SSRF: CWE-918 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could cause server...
CVE-2019-6837
CVE-2019-6837 describes a Server-Side Request Forgery (SSRF) in Schneider Electric’s U.motion Server family (MEG6501-0001 U.motion KNX server; MEG6501-0002 U.motion KNX Server Plus; MEG6260-0410 U.motion KNX Server Plus; Touch 10; MEG6260-0415 Touch 15). The flaw allows an attacker to cause the s...
CVE-2019-6835
CVE-2019-6835 is a Cross-Site Scripting (XSS, CWE-79) issue affecting Schneider Electric U.motion Server family (e.g., MEG6501-0001/0002, MEG6260-0410/0415, Touch 10/15). The linked documents describe that an attacker could inject client-side script when a user visits a web page served by U.motio...
CVE-2019-6835
A Cross-Site Scripting XSS CWE-79 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to inject...