Nedi: Security Vulnerabilities
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-26
Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.
CVSS Score
8.8
EPSS Score
0.04
Published
2019-01-17
A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-01-17
A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-01-17
A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-01-17
A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-01-17
Page 3