MidnightBSD

Advisories for steelcase

CVE-2018-7055 MEDIUM

GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
steelcase roomwizard_firmware *
CVE-2018-7056 MEDIUM

RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
steelcase roomwizard_firmware *
CVE-2018-7057 MEDIUM

RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
steelcase roomwizard_firmware *