Vulnerabilities > Rainmachine > Rainmachine WEB Application
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-01 | CVE-2018-6909 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Rainmachine web Application A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. | 4.3 |
| 2018-11-01 | CVE-2018-6907 | Cross-Site Request Forgery (CSRF) vulnerability in Rainmachine web Application A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. | 6.8 |
| 2018-11-01 | CVE-2018-6906 | Cross-site Scripting vulnerability in Rainmachine web Application A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. | 4.3 |