Vulnerabilities > Doverfuelingsolutions > Progauge Maglink LX Console Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-41725 | Cross-site Scripting vulnerability in Doverfuelingsolutions products ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting. | 6.1 |
| 2024-09-25 | CVE-2024-43423 | Use of Hard-coded Credentials vulnerability in Doverfuelingsolutions products The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | 9.8 |
| 2024-09-25 | CVE-2024-43692 | Unspecified vulnerability in Doverfuelingsolutions products An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. | 9.8 |
| 2024-09-25 | CVE-2024-43693 | Command Injection vulnerability in Doverfuelingsolutions products A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
| 2024-09-25 | CVE-2024-45066 | Command Injection vulnerability in Doverfuelingsolutions products A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
| 2024-09-25 | CVE-2024-45373 | Unspecified vulnerability in Doverfuelingsolutions products Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | 8.8 |