Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Deltaww Subscribe
Filtered by product Diaenergie

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-33005 1 Deltaww 1 Diaenergie 2022-07-06 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.
CVE-2021-31558 1 Deltaww 1 Diaenergie 2021-12-28 4.3 MEDIUM 6.1 MEDIUM
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.
CVE-2021-44544 1 Deltaww 1 Diaenergie 2021-12-28 4.3 MEDIUM 6.1 MEDIUM
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.
CVE-2021-23228 1 Deltaww 1 Diaenergie 2021-12-28 4.3 MEDIUM 6.1 MEDIUM
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
CVE-2021-44471 1 Deltaww 1 Diaenergie 2021-12-28 4.3 MEDIUM 6.1 MEDIUM
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.
CVE-2021-33003 1 Deltaww 1 Diaenergie 2021-09-03 2.1 LOW 5.5 MEDIUM
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.
CVE-2021-32991 1 Deltaww 1 Diaenergie 2021-09-03 4.3 MEDIUM 4.3 MEDIUM
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.