CVE-2018-6907

The CVE-2018-6907 entry describes a CSRF vulnerability in Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application that could allow an attacker to control the RainMachine device via its REST API. Documents consistently identify the affected components as the RainMachi...

CVE-2018-6906

The CVE-2018-6906 entry concerns a persistent Cross-Site Scripting (XSS) vulnerability in Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Application. According to the sources, an attacker can inject arbitrary JavaScript through the REST API, enabling an XSS exposure tha...

CVE-2018-6909

CVE-2018-6909 affects Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Application. Root cause: missing X-Frame-Options header. Impact: allows clickjacking by remote attacker via an API page request; CVSSv3 base score 6.5 (NETWORK, LOW toward exploitation, user interactio...