MEDIUM🇬🇧 English

CVE-2021-27659

CVSS 5.3v3.1pub. 2021-06-24upd. 2024-11-21

exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  • Johnsoncontrols Exacqvision Web Service

    APP
    Johnsoncontrols
    ≤ 21.03
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2021-27664CRITICAL9.8ten sam produkt

Under certain configurations an unauthenticated remote user could be given access to credentials stored in the...

CVE-2024-32862MEDIUM6.8ten sam produkt

Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted...

CVE-2024-32864MEDIUM6.4ten sam produkt

Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)

CVE-2024-32931MEDIUM5.7ten sam produkt

Under certain circumstances the exacqVision Web Service can expose authentication token details within communi...

CVE-2024-32863MEDIUM6.8ten sam produkt

Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSR...