CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18265

Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in logs and rendered when viewed in the web application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.1%

CVSS Severity

CVSS v3 Score 4.7

References

Products affected by CVE-2019-18265

Digitalalertsystems » Dasdec I » Version: N/A

cpe:2.3:h:digitalalertsystems:dasdec_i:-
Digitalalertsystems » Dasdec Ii » Version: N/A

cpe:2.3:h:digitalalertsystems:dasdec_ii:-
Digitalalertsystems » Dasdec Iii » Version: N/A

cpe:2.3:h:digitalalertsystems:dasdec_iii:-
Digitalalertsystems » One-Net » Version: N/A

cpe:2.3:h:digitalalertsystems:one-net:-
Digitalalertsystems » One-Net Se » Version: N/A

cpe:2.3:h:digitalalertsystems:one-net_se:-
Digitalalertsystems » Dasdec I Firmware » Version: N/A

cpe:2.3:o:digitalalertsystems:dasdec_i_firmware:-
Digitalalertsystems » Dasdec Ii Firmware » Version: N/A

cpe:2.3:o:digitalalertsystems:dasdec_ii_firmware:-
Digitalalertsystems » Dasdec Iii Firmware » Version: N/A

cpe:2.3:o:digitalalertsystems:dasdec_iii_firmware:-
Digitalalertsystems » One-Net Firmware » Version: N/A

cpe:2.3:o:digitalalertsystems:one-net_firmware:-
Digitalalertsystems » One-Net Se Firmware » Version: N/A

cpe:2.3:o:digitalalertsystems:one-net_se_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18265

Products

Pricing

Contact Us