Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-34245 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34247 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34246 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34244 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34243 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34242 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34241 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34240 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34236 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 5.4 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2025-34237 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 5.4 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||