GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| steelcase | roomwizard_firmware | * |
RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| steelcase | roomwizard_firmware | * |
RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| steelcase | roomwizard_firmware | * |