8 matches found
CVE-2018-18879
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
CVE-2018-18880
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script...
CVE-2018-18880
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script...
Command injection
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
Cross site scripting
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script...
CVE-2018-18879
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
CVE-2018-18880
CVE-2018-18880 affects Columbia Weather Systems Weather MicroServer firmware MS_2.6.9900. A cross-site scripting flaw in the page networkdiags.php allows remote authenticated users to inject arbitrary web scripts (CWE-79). Root cause: improper input handling in the affected web page. Impact is XS...
CVE-2018-18880
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script...