Johnsoncontrols : Security Vulnerabilities, CVEs, (XSS)
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.
Max CVSS
8.1
EPSS Score
0.05%
Published
2022-06-15
Updated
2022-06-24
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface.
Max CVSS
8.7
EPSS Score
0.05%
Published
2022-06-15
Updated
2022-06-24
All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.
Max CVSS
10.0
EPSS Score
0.09%
Published
2022-10-28
Updated
2022-11-01
exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
Max CVSS
6.1
EPSS Score
0.07%
Published
2021-06-24
Updated
2021-09-20
exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-06-24
Updated
2021-09-20
5 vulnerabilities found