Vulnerabilities > Steelcase > Roomwizard Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-15 CVE-2018-7057 Cross-site Scripting vulnerability in Steelcase Roomwizard Firmware
RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter.
network
low complexity
steelcase CWE-79
6.1
6.1
2018-02-15 CVE-2018-7056 Information Exposure vulnerability in Steelcase Roomwizard Firmware
RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action.
network
low complexity
steelcase CWE-200
5.3
5.3