Vulnerabilities > Deltaww > Diaenergie > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-27 | CVE-2022-40965 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | 5.4 |
| 2022-10-27 | CVE-2022-41555 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | 5.4 |
| 2022-10-27 | CVE-2022-41651 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | 5.4 |
| 2022-10-27 | CVE-2022-41701 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | 5.4 |
| 2022-10-27 | CVE-2022-41702 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | 5.4 |
| 2022-06-27 | CVE-2022-33005 | Cross-site Scripting vulnerability in Deltaww Diaenergie 1.08.00 A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | 6.1 |
| 2021-12-22 | CVE-2021-23228 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. | 6.1 |
| 2021-12-22 | CVE-2021-31558 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. | 6.1 |
| 2021-12-22 | CVE-2021-44471 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | 6.1 |
| 2021-12-22 | CVE-2021-44544 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | 6.1 |