CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Thingsboard: >> Thingsboard Security Vulnerabilities

CVE-2021-42751

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.

CVSS Score

4.8

EPSS Score

0.002

Published

2022-08-12

CVE-2020-27687

ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.

CVSS Score

8.8

EPSS Score

0.004

Published

2020-12-18

Page 2

Vulnerabilities

Vulnerable Software

Thingsboard: >> Thingsboard Security Vulnerabilities

Products

Pricing

Contact Us