68 matches found
EUVD-2022-55923
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
CVE-2022-50802
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
CVE-2022-50802
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
CVE-2022-50802
ETAP Safety Manager 1.0.0.32 is affected by an unauthenticated reflected XSS in the 'action' GET parameter. The vulnerability allows injection of HTML/JavaScript to execute in victims’ browsers, potentially leaking credentials or enabling unauthorized actions. The issue is documented across multi...
CVE-2022-50802 ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
CVE-2022-50802 ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
ETAP Safety Manager 跨站脚本漏洞
ETAP Safety Manager is a centralized monitoring and management system for emergency lighting from ETAP. A cross-site scripting vulnerability exists in ETAP Safety Manager version 1.0.0.32, which stems from a cross-site scripting vulnerability in the action GET parameter that could lead to malicio...
PT-2025-54249
Name of the Vulnerable Software and Affected Versions ETAP Safety Manager version 1.0.0.32 Description ETAP Safety Manager version 1.0.0.32 contains a cross-site scripting issue in the action GET parameter. This allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers c...
EUVD-2022-52264
Malicious code in bioql PyPI...
EUVD-2022-44164
Malicious code in bioql PyPI...
EUVD-2022-52265
Malicious code in bioql PyPI...
CVE-2022-30314
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...
CVE-2022-30315
Honeywell Experion PKS Safety Manager SM and FSC through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell...
CVE-2022-30313
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Exposed Dangerous Method or Function (CVE-2023-5389)
An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files...
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Improper Handling of Length Parameter Inconsistency (CVE-2023-5393)
Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and...
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2023-5394)
Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations...
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Stack-based Buffer Overflow (CVE-2023-5395)
Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Stack-based Buffer Overflow (CVE-2023-5401)
Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. This...
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Heap-based Buffer Overflow (CVE-2023-5400)
Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. This...