Lucene search
K
OpenenergymonitorEmoncms

6 matches found

CVE
CVE
added 2019/07/15 1:54 a.m.168 views

CVE-2019-1010008

OpenEnergyMonitor Project Emoncms 9.8.8 is affected by a Cross Site Scripting (XSS) vulnerability. The issue involves JavaScript code execution in the fields Name, Location, Bio, and Starting Page on the My Account page, via Lib/listjs/list.js (line 67). The attack vector is listed as unknown, wi...

5.4CVSS5.4AI score0.00897EPSS
CVE
CVE
added 2025/02/06 12:0 a.m.85 views

CVE-2025-22992

CVE-2025-22992 affects Emoncms (version 11.6.9 and later) via SQL Injection in the /feed/insert.json endpoint. The vulnerability stems from improper handling of user-supplied input in the data query parameter, enabling attackers to execute arbitrary SQL commands under specific conditions. Reporte...

9.8CVSS8.9AI score0.00492EPSS
Web
CVE
CVE
added 2021/02/21 5:53 a.m.73 views

CVE-2021-26716

EMONCMS CVE-2021-26716 affects Modules/input/Views/schedule.php in Emoncms through 10.2.7, enabling cross-site scripting via the node parameter. The data from connected sources confirms the vulnerable component and version scope (10.2.7 and earlier) and the input parameter that can be exploited. ...

6.1CVSS5.9AI score0.00791EPSS
Web
CVE
CVE
added 2017/02/12 4:43 a.m.43 views

CVE-2017-5964

The CVE affects Emoncms up to version 9.8.0, where insufficient filtering of user-supplied data in multiple HTTP GET parameters passed to emoncms-master/Modules/vis/visualisations/compare.php allows an attacker to inject arbitrary HTML/JavaScript in a victim’s browser. The issue is caused by inad...

6.1CVSS6.4AI score0.00918EPSS
CVE
CVE
added 2025/10/24 12:0 a.m.16 views

CVE-2025-60936

CVE-2025-60936 affects Emoncms 11.7.3. The issue is a cross-site scripting flaw in the input handling mechanism that, when an authenticated API user views application logs, allows injecting JavaScript for execution in the admin context. Root cause and impact are described across multiple sources ...

6.1CVSS6.3AI score0.00178EPSS
CVE
CVE
added 2025/10/24 12:0 a.m.10 views

CVE-2025-60938

CVE-2025-60938 affects Emoncms 11.7.3. The issue is a remote code execution in the firmware upload feature, arising from insufficient input validation of user-controlled parameters (filename, port, baud_rate, core, autoreset) in the /admin/upload-custom-firmware endpoint. When authenticated, an a...

7.5CVSS8.3AI score0.00556EPSS
Web