Lucene search
K

420 matches found

RedhatCVE
RedhatCVE
added 2025/12/06 5:54 p.m.7 views

CVE-2025-34264

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in the settings array and...

5.4CVSS5.4AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 p.m.9 views

CVE-2025-34266

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...

5.4CVSS5.4AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 p.m.7 views

CVE-2025-34256

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

10CVSS7.8AI score0.00594EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 p.m.8 views

CVE-2025-34260

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

5.4CVSS5.4AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 6:15 p.m.11 views

CVE-2025-34266

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...

5.4CVSS0.00175EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.5 views

CVE-2025-34264

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in the settings array and...

5.4CVSS0.00165EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.7 views

CVE-2025-34264

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in the settings array and...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.4 views

CVE-2025-34266

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...

5.4CVSS5.7AI score0.00175EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.12 views

CVE-2025-34265

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...

5.4CVSS0.00165EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.4 views

CVE-2025-34265

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.2 views

CVE-2025-34263

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.6 views

CVE-2025-34263

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...

5.4CVSS0.00165EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.3 views

CVE-2025-34256

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

10CVSS0.00594EPSS
Exploits0References4
NVD
NVD
added 2025/12/05 6:15 p.m.6 views

CVE-2025-34258

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...

5.4CVSS0.00175EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.3 views

CVE-2025-34260

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

5.4CVSS0.00208EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.6 views

CVE-2025-34261

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...

5.4CVSS0.00212EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.8 views

CVE-2025-34262

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...

5.4CVSS0.00175EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:15 p.m.10 views

CVE-2025-34259

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...

5.4CVSS0.00212EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.4 views

CVE-2025-34261

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...

5.4CVSS5.7AI score0.00212EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 6:15 p.m.2 views

CVE-2025-34258

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...

5.4CVSS5.7AI score0.00175EPSS
Exploits0References3
Rows per page
Query Builder