nedi

Top products

The 15 most recently published vulnerabilities affecting nedi.

• CVE-2022-40895In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vu...9.1Oct 6, 2022
• CVE-2021-26751NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker ...8.8Feb 12, 2021
• CVE-2021-26752NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an atta...8.8Feb 12, 2021
• CVE-2021-26753NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to...9.9Feb 12, 2021
• CVE-2020-23868NeDi 1.9C allows inc/rt-popup.php d XSS.5.4Nov 2, 2020
• CVE-2020-23989NeDi 1.9C allows pwsec.php oid XSS.5.4Nov 2, 2020
• CVE-2020-15028NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.5.4Jul 7, 2020
• CVE-2020-15029NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.5.4Jul 7, 2020
• CVE-2020-15030NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter.5.4Jul 7, 2020
• CVE-2020-15031NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter.5.4Jul 7, 2020
• CVE-2020-15032NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.5.4Jul 7, 2020
• CVE-2020-15033NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter.5.4Jul 7, 2020
• CVE-2020-15034NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter.5.4Jul 7, 2020
• CVE-2020-15035NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter.5.4Jul 7, 2020
• CVE-2020-15036NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.5.4Jul 7, 2020