4 matches found
CVE-2020-21993
In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...
packetstormsecurity WEMS Enterprise Manager 跨站脚本漏洞
packetstormsecurity WEMS Enterprise Manager is a packetstormsecurity open source application. A centralized management and monitoring system for many WEMS-equipped sites. A cross-site scripting vulnerability exists in packetstormsecurity WEMS Enterprise Manager 2.58, which arises from input passe...
WEMS Enterprise Manager 2.58 Cross Site Scripting
WEMS Enterprise Manager 2.58 email Reflected XSS Vendor: WEMS Limited Product web page: https://www.wems.co.uk Affected version: 2.58.8903 2.55.8806 2.55.8782 2.19.7959 Summary: WEMS Enterprise Manager is a centralised management and monitoring system for many WEMS equipped sites. It retrieves an...
WEMS Enterprise Manager 2.58 (email) Reflected XSS
Summary WEMS Enterprise Manager is a centralised management and monitoring system for many WEMS equipped sites. It retrieves and stores data to enable energy analysis at an enterprise wide level. It is designed to give global visibility of the key areas that affect a buildings' environmental and...