Lucene search

K

5 matches found

CVE
CVE
added 2020/06/29 5:15 p.m.50 views

CVE-2020-14413

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= v...

6.1CVSS5.9AI score0.1789EPSS
CVE
CVE
added 2020/06/29 5:15 p.m.43 views

CVE-2020-14412

NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This...

9CVSS8.6AI score0.03782EPSS
CVE
CVE
added 2020/06/29 5:15 p.m.42 views

CVE-2020-14414

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also b...

9CVSS8.6AI score0.03782EPSS
CVE
CVE
added 2020/06/26 2:15 p.m.29 views

CVE-2020-15016

NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter.

6.1CVSS6AI score0.0024EPSS
CVE
CVE
added 2020/06/26 2:15 p.m.28 views

CVE-2020-15017

NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter.

6.1CVSS6AI score0.0024EPSS