CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-28931
https://notcve.org/view.php?id=CVE-2020-28931
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website. Una falta de token anti-CSRF en toda la interfaz administrativa en EPSON EPS TSE Server 8 (versión 21.0.11), permite a un atacante no autenticado forzar a un administrador a ejecutar peticiones POST externas al visitar un sitio web malicioso • https://blog.bssi.fr/multiple-vulnerabilities-within-epson-eps-tse-server-8/#vulnerability-3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-28930
https://notcve.org/view.php?id=CVE-2020-28930
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator. Un problema de Cross-Site Scripting (XSS) en las funcionalidades "update user" y "delete user" en el archivo settings/users.php en EPSON EPS TSE Server 8 (versión 21.0.11), permite a un atacante autenticado inyecte una carga útil de JavaScript en el usuario página de administración que es ejecutada por un administrador • https://blog.bssi.fr/multiple-vulnerabilities-within-epson-eps-tse-server-8/#vulnerability-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-28929
https://notcve.org/view.php?id=CVE-2020-28929
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI. Un acceso sin restricciones a la funcionalidad log downloader en EPSON EPS TSE Server 8 (versión 21.0.11), permite a un atacante no autenticado recuperar remotamente credenciales administrativas en el hash por medio del URI maintenance/troubleshoot.php?download=1 • https://blog.bssi.fr/multiple-vulnerabilities-within-epson-eps-tse-server-8/#vulnerability-1 • CWE-306: Missing Authentication for Critical Function •