9 matches found
CVE-2025-53515
A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL inje...
CVE-2025-53509
A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitrary a...
CVE-2025-53397
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious...
CVE-2025-53475
A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowing an...
CVE-2025-41442
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure o...
CVE-2025-46704
A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing an ...
CVE-2025-48891
A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker with at least user-level privileges, potentially leading to information disclosure or a denial-of-service condit...
CVE-2025-52577
A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to p...
CVE-2025-53519
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or oth...