Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25233 | 1 Ave | 1 Dominaplus | 2025-12-29 | 5.3 Medium |
| AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessions. | ||||
| CVE-2020-21996 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2024-11-21 | 7.5 High |
| AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. | ||||
| CVE-2020-21994 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2024-11-21 | 9.8 Critical |
| AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. | ||||
| CVE-2020-21991 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2024-11-21 | 9.8 Critical |
| AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials. | ||||
Page 1 of 1.