Vulnerabilities > Johnsoncontrols > Cevas
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-28 | CVE-2021-36206 | Cross-site Scripting vulnerability in Johnsoncontrols Cevas All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. | 6.1 |