Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nedi nedi vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-15036
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an malicious user to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.
Nedi Nedi 1.9c
4.3
CVSSv2
CVE-2020-14413
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Device...
Nedi Nedi 1.9c
9
CVSSv2
CVE-2020-14414
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw paramete...
Nedi Nedi 1.9c
6.5
CVSSv2
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an malicious user to obtain access to the operating system where NeDi is installed and to all application data.
Nedi Nedi 1.9c
4.3
CVSSv2
CVE-2020-15016
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter.
Nedi Nedi 1.9c
4.3
CVSSv2
CVE-2020-15017
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter.
Nedi Nedi 1.9c
3.5
CVSSv2
CVE-2020-15028
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an malicious user to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.
Nedi Nedi 1.9c
3.5
CVSSv2
CVE-2020-15029
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an malicious user to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.
Nedi Nedi 1.9c
3.5
CVSSv2
CVE-2020-15030
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an malicious user to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter.
Nedi Nedi 1.9c
3.5
CVSSv2
CVE-2020-15032
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an malicious user to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.
Nedi Nedi 1.9c
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »