NotCVE - vendor:"Gl-inet" product:"Goodcloud" version:"1.00.220412.00"

2 results (0.009 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-42054

https://notcve.org/view.php?id=CVE-2022-42054

27 Oct 2022 — Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. Múltiples vulnerabilidades de Stored Cross-Site Scripting (XSS) en GL.iNet GoodCloud IoT Device Management System Versión 1.00.220412.00 permiten a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyec... • https://boschko.ca/glinet-router • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1

CVE-2022-42055

https://notcve.org/view.php?id=CVE-2022-42055

27 Oct 2022 — Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. Múltiples vulnerabilidades de inyección de comandos en GL.iNet GoodCloud IoT Device Management System versión 1.00.220412.00 a través de las herramientas ping y traceroute permiten a los atacantes leer archivos arbitrarios en el sistema. • https://boschko.ca/glinet-router • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •