CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 2CVE-2022-38627
https://notcve.org/view.php?id=CVE-2022-38627
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter. Se descubrió que Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a y 0.32-08e contenía una vulnerabilidad de inyección SQL a través del parámetro idt. • https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-38627/CVE-2022-38627.txt https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-38627/CVE-2022-38627.yaml • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1CVE-2022-42710
https://notcve.org/view.php?id=CVE-2022-42710
Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS). Los dispositivos Nice (anteriormente Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a y 0.32-08e son vulnerables a cross site scripting (XSS) almacenado. • https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-42710/CVE-2022-42710.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 2CVE-2022-46381
https://notcve.org/view.php?id=CVE-2022-46381
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e. Ciertos dispositivos Linear eMerge E3-Series son vulnerables a XSS a través del parámetro type (por ejemplo, al componente badging/badge_template_v0.php). Esto afecta a 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a y 0.32-08e. • https://github.com/amitlttwo/CVE-2022-46381 https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2022-38628
https://notcve.org/view.php?id=CVE-2022-38628
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors. Se descubrió que Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a y 0.32-08e contienen una vulnerabilidad de Cross-Site Scripting (XSS) que está encadenada con una fijación de sesión local. Esta vulnerabilidad permite a los atacantes escalar privilegios a través de vectores no especificados. • https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-38628/CVE-2022-38628.txt • CWE-384: Session Fixation •