Vulnerabilities > Rainmachine > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-01 | CVE-2018-6909 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Rainmachine web Application A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. | 6.5 |
| 2018-11-01 | CVE-2018-6906 | Cross-site Scripting vulnerability in Rainmachine web Application A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. | 6.1 |