Vulnerabilities > Mimosa > B5C Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-07-20 CVE-2020-25205 Cross-site Scripting vulnerability in Mimosa B5 Firmware, B5C Firmware and C5C Firmware
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php.
network
low complexity
mimosa CWE-79
6.1
6.1
2021-07-20 CVE-2020-25206 OS Command Injection vulnerability in Mimosa B5 Firmware, B5C Firmware and C5C Firmware
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes.
network
low complexity
mimosa CWE-78
7.2
7.2