2 matches found
Wiesemann & Theis ComServer Series Improper Neutralization of Input During Web Page Generation (CVE-2022-42786)
Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage This plugin only works with Tenable.ot. Please visit...
Authentication flaw
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...