Nedi

Nedi

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2020-15032

  • EPSS 0.34%
  • Veröffentlicht 07.07.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:04:40

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.

5.4

CVE-2020-15031

  • EPSS 0.34%
  • Veröffentlicht 07.07.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:04:39

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter.

5.4

CVE-2020-15030

  • EPSS 0.34%
  • Veröffentlicht 07.07.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:04:39

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter.

5.4

CVE-2020-15028

  • EPSS 0.34%
  • Veröffentlicht 07.07.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:04:39

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.

5.4

CVE-2020-15037

Exploit
  • EPSS 0.21%
  • Veröffentlicht 07.07.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 05:04:40

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter.

5.4

CVE-2020-15036

Exploit
  • EPSS 0.21%
  • Veröffentlicht 07.07.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:04:40

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.

9

CVE-2020-14414

  • EPSS 2.83%
  • Veröffentlicht 29.06.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:03:12

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a P...

6.1

CVE-2020-14413

  • EPSS 15.74%
  • Veröffentlicht 29.06.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:03:12

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute...

9

CVE-2020-14412

  • EPSS 2.83%
  • Veröffentlicht 29.06.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:03:12

NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacte...

6.1

CVE-2020-15017

  • EPSS 0.24%
  • Veröffentlicht 26.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 05:04:38

NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter.