CVE-2020-7049
https://notcve.org/view.php?id=CVE-2020-7049
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. El Sistema Operativo Nozomi Networks versiones anteriores a 19.0.4, permite una Inyección CSV de /#/network?tab=network_node_list.html • https://www2.deloitte.com/de/de/pages/risk/articles/nozomi-csv-injection.html?nc=1 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2020-15307
https://notcve.org/view.php?id=CVE-2020-15307
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. Nozomi Guardian versiones anteriores a 19.0.4, permite a atacantes lograr un ataque de tipo XSS almacenados (en el front end web) al aprovechar la capacidad de crear un campo personalizado con un nombre de campo diseñado • https://www2.deloitte.com/de/de/pages/risk/articles/nozomi-stored-xss.html?nc=1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •