Vulnerabilities > Nedi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-06 | CVE-2022-40895 | Information Exposure Through Discrepancy vulnerability in Nedi 1.0.7 In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. | 9.1 |
| 2021-02-12 | CVE-2021-26753 | Incorrect Authorization vulnerability in Nedi 1.9C NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. | 6.5 |
| 2021-02-12 | CVE-2021-26752 | OS Command Injection vulnerability in Nedi 1.9C NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. | 6.5 |
| 2021-02-12 | CVE-2021-26751 | SQL Injection vulnerability in Nedi 1.9C NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. | 4.0 |
| 2020-11-02 | CVE-2020-23989 | Cross-site Scripting vulnerability in Nedi 1.9C NeDi 1.9C allows pwsec.php oid XSS. | 3.5 |
| 2020-11-02 | CVE-2020-23868 | Cross-site Scripting vulnerability in Nedi 1.9C NeDi 1.9C allows inc/rt-popup.php d XSS. | 3.5 |
| 2020-07-07 | CVE-2020-15035 | Cross-site Scripting vulnerability in Nedi 1.9C NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. | 3.5 |
| 2020-07-07 | CVE-2020-15034 | Cross-site Scripting vulnerability in Nedi 1.9C NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. | 3.5 |
| 2020-07-07 | CVE-2020-15033 | Cross-site Scripting vulnerability in Nedi 1.9C NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. | 3.5 |
| 2020-07-07 | CVE-2020-15032 | Cross-site Scripting vulnerability in Nedi 1.9C NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. | 3.5 |