Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Siemens Subscribe
Filtered by product Xhq

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19285 1 Siemens 1 Xhq 2021-10-29 3.5 LOW 5.4 MEDIUM
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow injections that could lead to XSS attacks if unsuspecting users are tricked into accessing a malicious link.
CVE-2019-19283 1 Siemens 1 Xhq 2020-12-15 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could expose non-sensitive information about the server's architecture. This could allow an attacker to adapt further attacks to the version in place.
CVE-2019-19287 1 Siemens 1 Xhq 2020-12-15 4.0 MEDIUM 6.5 MEDIUM
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse through the file system of the server based by sending specially crafted packets over the network without authentication.
CVE-2019-19284 1 Siemens 1 Xhq 2020-12-15 3.5 LOW 5.4 MEDIUM
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users.
CVE-2019-19288 1 Siemens 1 Xhq 2020-12-15 4.3 MEDIUM 6.1 MEDIUM
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.
CVE-2019-13931 1 Siemens 1 Xhq 2019-12-19 3.5 LOW 5.4 MEDIUM
A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.