CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 5:2 p.m.•5 views

CVE-2020-28931

Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website...

8.8CVSS7.3AI score0.00504EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:27 p.m.•5 views

CVE-2020-28929

Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI...

9.8CVSS7.1AI score0.01232EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:6 p.m.•5 views

CVE-2020-28930

A Cross-Site Scripting XSS issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 21.0.11 allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator...

5.4CVSS5.7AI score0.00625EPSS

Exploits1

NVD•added 2020/12/16 9:15 p.m.•10 views

CVE-2020-28931

8.8CVSS8.8AI score0.00504EPSS

OSV•added 2020/12/16 9:15 p.m.•2 views

CVE-2020-28929

9.8CVSS5.8AI score0.01232EPSS

NVD•added 2020/12/16 9:15 p.m.•13 views

CVE-2020-28930

5.4CVSS5.2AI score0.00625EPSS

OSV•added 2020/12/16 9:15 p.m.•2 views

CVE-2020-28930

5.4CVSS6.1AI score0.00625EPSS

Prion•added 2020/12/16 9:15 p.m.•11 views

Integer overflow

7.5CVSS9.4AI score0.01232EPSS

Prion•added 2020/12/16 9:15 p.m.•13 views

Cross site request forgery (csrf)

6.8CVSS8.7AI score0.00504EPSS

Prion•added 2020/12/16 9:15 p.m.•10 views

Cross site scripting

3.5CVSS5.1AI score0.00625EPSS

Cvelist•added 2020/12/16 8:28 p.m.•17 views

CVE-2020-28931

8.8AI score0.00504EPSS

Cvelist•added 2020/12/16 8:26 p.m.•18 views

CVE-2020-28930

5.2AI score0.00625EPSS

CVE•added 2020/12/16 8:26 p.m.•36 views

CVE-2020-28930

CVE-2020-28930 is an XSS flaw in EPSON EPS TSE Server 8 (21.0.11) affecting the settings/users.php “update user” and “delete user” paths. An authenticated attacker can inject JavaScript on the user management page that is executed by an administrator. The CVSSv3.1 base score is 5.4 (AV:N/AC:L/PR:...

5.4CVSS5.1AI score0.00625EPSS

Cvelist•added 2020/12/16 8:22 p.m.•17 views

CVE-2020-28929

9.5AI score0.01232EPSS

CVE•added 2020/12/16 8:22 p.m.•34 views

CVE-2020-28929

Technical details about CVE-2020-28929 are not publicly provided in the supplied documents; monitor for updates from sources to determine affected products, impact, and fixes.

9.8CVSS9.3AI score0.01232EPSS

CNNVD•added 2020/12/16 12:0 a.m.•4 views

EPSON EPS TSE Server Authorization Issues Vulnerability

EPSON EPS TSE Server is a server from EPSON Japan. EPSON EPS TSE Server 8 suffers from an authorization issue vulnerability that arises from unrestricted access to the logdownloader function allowing an unauthenticated attacker to remotely retrieve management hash certificates via maintenance...

9.8CVSS7.3AI score0.01232EPSS

CNNVD•added 2020/12/16 12:0 a.m.•5 views

EPSON EPS TSE Server Cross-Site Scripting Vulnerability

EPSON EPS TSE Server is a server from EPSON Japan. A cross-site scripting vulnerability exists in EPSON EPS TSE Server 8 that stems from a cross-site scripting XSS issue with the update user and delete user functions in settings users.php, which could be exploited by authenticated attackers to...

5.4CVSS5.9AI score0.00625EPSS

CNNVD•added 2020/12/16 12:0 a.m.•3 views

EPSON EPS TSE Server Cross-Site Request Forgery Vulnerability

EPSON EPS TSE Server is a server from EPSON Japan. EPSON EPS TSE Server 8 suffers from a cross-site request forgery vulnerability that stems from a lack of anti-csrf tokens throughout the administration interface, allowing an unauthenticated attacker to exploit the vulnerability by visiting a...

8.8CVSS7.3AI score0.00504EPSS