Openenergymonitor: >> Emoncms >> 1.0.0 Security Vulnerabilities
A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-06
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-02-21
An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-02-12