Vulnerabilities > Deltaww > Dialink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-03 | CVE-2021-38428 | Unspecified vulnerability in Deltaww Dialink 1.2.4.0 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code. | 4.8 |
| 2021-11-03 | CVE-2021-38488 | Unspecified vulnerability in Deltaww Dialink 1.2.4.0 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code. | 4.8 |