Vulnerabilities > Deltaww > Diaenergie > 1.9.0

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-43506 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-40965 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-40967 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-41133 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-41555 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-41651 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-41701 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-41702 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-41773 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-26 CVE-2022-43774 SQL Injection vulnerability in Deltaww Diaenergie 1.9.0
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
network
low complexity
deltaww CWE-89
critical
 9.8
9.8