6 matches found
CVE-2019-1010008
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by a Cross Site Scripting (XSS) vulnerability. The issue involves JavaScript code execution in the fields Name, Location, Bio, and Starting Page on the My Account page, via Lib/listjs/list.js (line 67). The attack vector is listed as unknown, wi...
CVE-2025-22992
CVE-2025-22992 affects Emoncms (version 11.6.9 and later) via SQL Injection in the /feed/insert.json endpoint. The vulnerability stems from improper handling of user-supplied input in the data query parameter, enabling attackers to execute arbitrary SQL commands under specific conditions. Reporte...
CVE-2021-26716
CVE-2021-26716 affects Modules/input/Views/schedule.php in Emoncms through 10.2.7, enabling cross-site scripting via the node parameter. The data from connected sources confirms the vulnerable component and version scope (10.2.7 and earlier) and the input parameter that can be exploited. ...
CVE-2017-5964
The CVE affects Emoncms up to version 9.8.0, where insufficient filtering of user-supplied data in multiple HTTP GET parameters passed to emoncms-master/Modules/vis/visualisations/compare.php allows an attacker to inject arbitrary HTML/JavaScript in a victim’s browser. The issue is caused by inad...
CVE-2025-60936
CVE-2025-60936 affects Emoncms 11.7.3. The issue is a cross-site scripting flaw in the input handling mechanism that, when an authenticated API user views application logs, allows injecting JavaScript for execution in the admin context. Root cause and impact are described across multiple sources ...
CVE-2025-60938
CVE-2025-60938 affects Emoncms 11.7.3. The issue is a remote code execution flaw in the firmware upload feature, arising from insufficient input validation of user-controlled parameters (filename, port, baud_rate, core, autoreset) in the /admin/upload-custom-firmware endpoint. When authenticated, an a...