2 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-27658 – exacqVision Enterprise Manager CSS

https://notcve.org/view.php?id=CVE-2021-27658

24 Jun 2021 — exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. exacqVision Enterprise Manager versión 20.12 no combrueba, filtra, escapa y/o codifica suficientemente las entradas controlables por el usuario antes de colocarlas en la salida que se utiliza como página web que es servida a otros usuarios • https://us-cert.cisa.gov/ics/advisories/icsa-21-180-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 7%CPEs: 2EXPL: 1

CVE-2020-9047 – exacqVision Software - Improper Verification of Cryptographic Signature

https://notcve.org/view.php?id=CVE-2020-9047

26 Jun 2020 — A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system. Se presenta una vulnerabilidad que podría permitir una ejecución de código no autorizado o comandos del Sistema Opera... • https://github.com/norrismw/CVE-2020-9047 • CWE-347: Improper Verification of Cryptographic Signature •