CVE-2020-6973
https://notcve.org/view.php?id=CVE-2020-6973
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), BIOS Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition. • https://www.us-cert.gov/ics/advisories/icsa-20-042-13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-6975
https://notcve.org/view.php?id=CVE-2020-6975
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), BIOS Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application. • https://www.us-cert.gov/ics/advisories/icsa-20-042-13 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2020-8822
https://notcve.org/view.php?id=CVE-2020-8822
Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. • https://sku11army.blogspot.com/2020/02/digi-transport-stored-xss-on-wr-family.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18859 – Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-18859
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. Digi AnywhereUSB version 14 suffers from a cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/47914 http://packetstormsecurity.com/files/155926/Digi-AnywhereUSB-14-Cross-Site-Scripting.html https://gist.github.com/RNPG/e0d25ad51aa5c288b9005900f88a4f03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-20162 – Digi TransPort LR54 Restricted Shell Escape
https://notcve.org/view.php?id=CVE-2018-20162
Digi TransPort LR54 4.4.0.26 and possibly earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that gets a root shell. • https://github.com/stigtsp/CVE-2018-20162-digi-lr54-restricted-shell-escape http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell-Escape.html https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape https://seclists.org/bugtraq/2019/Feb/34 • CWE-20: Improper Input Validation