Cevas

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-28	CVE-2021-36206	Cross-site Scripting vulnerability in Johnsoncontrols Cevas All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. network low complexity johnsoncontrols CWE-79	6.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.