CVE-2023-26462
- EPSS 0.56%
- Published 23.02.2023 06:15:10
- Last modified 21.11.2024 07:51:32
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the applica...
CVE-2022-40004
- EPSS 0.91%
- Published 15.12.2022 23:15:10
- Last modified 21.04.2025 18:15:17
Cross-site scripting (XSS) vulnerability in ThingsBoard 3.4.1 allows remote attackers to escalate privileges via a crafted URL to the Audit Log.
CVE-2022-31861
- EPSS 0.31%
- Published 13.09.2022 22:15:08
- Last modified 21.11.2024 07:05:24
Cross-site scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs.
CVE-2021-42750
- EPSS 0.75%
- Published 12.08.2022 17:15:08
- Last modified 21.11.2024 06:28:05
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.
CVE-2021-42751
- EPSS 0.75%
- Published 12.08.2022 17:15:08
- Last modified 21.11.2024 06:28:05
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.
CVE-2020-27687
- EPSS 0.42%
- Published 18.12.2020 19:15:14
- Last modified 21.11.2024 05:21:39
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host he...