ZOLL Defibrillator Dashboard, v prior to 2.2,The affected productβs web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users.
5.4CVSS
5.4AI Score
0.001EPSS
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.
5.5CVSS
5.5AI Score
0.0004EPSS
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user.
7.8CVSS
7.7AI Score
0.0004EPSS
ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
7.5CVSS
7.3AI Score
0.002EPSS
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.
5.5CVSS
5.5AI Score
0.0004EPSS
ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands.
8.8CVSS
8.7AI Score
0.001EPSS