Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deltaww diaenergie vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-31558
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2021-38390
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as par...
Deltaww Diaenergie
6.1
CVSSv3
CVE-2021-23228
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2021-32955
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an malicious user to remotely execute code.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2021-32967
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an malicious user to add a new administrative user without being authenticated or authorized, which may allow the malicious user to log in and use the device with administrative privileges.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2021-32983
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of...
Deltaww Diaenergie
4.3
CVSSv3
CVE-2021-32991
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an malicious user to cause a user to carry out an action unintentionally.
Deltaww Diaenergie
5.5
CVSSv3
CVE-2021-33003
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an malicious user to retrieve passwords in cleartext due to a weak hashing algorithm.
Deltaww Diaenergie
6.1
CVSSv3
CVE-2022-33005
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows malicious users to execute arbitrary web scripts via a crafted payload injected into the Name text field.
Deltaww Diaenergie 1.08.00
9.8
CVSSv3
CVE-2022-43774
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an malicious user to gain code execution on a remote system.
Deltaww Diaenergie 1.9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »