3 matches found
CVE-2022-25323
CVE-2022-25323 affects ZEROF Web Server 2.0, with a cross-site scripting (XSS) vulnerability reachable via the /admin.back endpoint. Public docs identify CWE-79 and CVSS v3.1 base score 6.1 (NETWORK, LOW complexity, UI REQUIRED, changed scope; impact: confidentiality/integrity LOW, availability N...
CVE-2022-25322
CVE-2022-25322 affects ZEROF Web Server 2.0, where the endpoint /HandleEvent is vulnerable to SQL Injection. The NVD/NVD-derived metrics list CVSS v3.1 base score 9.8 (CRITICAL) and CVSS v2 base 7.5 (HIGH); the attack surface is NETWORK with low complexity and no authentication. Connected sources describe explo...
CVE-2021-30175
The vulnerability CVE-2021-30175 affects ZEROF Web Server 1.0 (April 2021), where an SQL Injection is possible via the /HandleEvent endpoint on the login page. The Nuclei template and CIRCL/NVD entries confirm that this is an injection in the login handling path (CWE-89) with potential for arbitr...