Openenergymonitor: >> Emoncms Security Vulnerabilities
A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-06
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-02-21
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-07-15
An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-02-12