Nedi Security Vulnerabilities and Issues — Nedi CVE List

Lucene search

NediNedi

5 matches found

CVE•added 2020/06/29 5:15 p.m.•50 views

CVE-2020-14413

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= v...

6.1CVSS5.9AI score0.15743EPSS

CVE•added 2019/01/17 2:29 a.m.•35 views

CVE-2018-20729

A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.

6.1CVSS6.3AI score0.0026EPSS

CVE•added 2019/01/17 2:29 a.m.•33 views

CVE-2018-20731

A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php.

6.1CVSS6.2AI score0.0026EPSS

CVE•added 2020/06/26 2:15 p.m.•29 views

CVE-2020-15016

NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter.

6.1CVSS6AI score0.0024EPSS

CVE•added 2020/06/26 2:15 p.m.•28 views

CVE-2020-15017

NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter.

6.1CVSS6AI score0.0024EPSS