Filtered by vendor P5
Subscriptions
Filtered by product Fnip-8x16a
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37148 | 1 P5 | 2 Fnip-4xsh, Fnip-8x16a | 2026-02-06 | 3.5 Low |
| P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html. | ||||
| CVE-2020-37118 | 1 P5 | 1 Fnip-8x16a | 2026-02-06 | 3.5 Low |
| P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page. | ||||
| CVE-2020-36906 | 1 P5 | 2 Fnip-4xsh, Fnip-8x16a | 2026-01-08 | 4.3 Medium |
| P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form. | ||||
Page 1 of 1.