RSS   Vulnerabilities for 'Rainmachine web application'   RSS

2018-11-01
 
CVE-2018-6909

CWE-20
 

 
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request.

 
 
CVE-2018-6907

CWE-352
 

 
A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API.

 
 
CVE-2018-6906

CWE-79
 

 
A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API.

 


Copyright 2024, cxsecurity.com

 

Back to Top