2 results (0.001 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks. • https://www.twcert.org.tw/en/cp-139-8070-d10bc-2.html https://www.twcert.org.tw/tw/cp-132-8069-73393-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server. Intumit inc. SmartRobot's web framwork tiene una vulnerabilidad de ejecución remota de código. • https://www.twcert.org.tw/tw/cp-132-7662-41d50-1.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1395: Dependency on Vulnerable Third-Party Component •