VYPR

iView

by Advantech

CVEs (31)

  • CVE-2025-53509MedJul 11, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper…

  • CVE-2025-52459MedJul 11, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper …

  • CVE-2025-53519MedJul 11, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to …

  • CVE-2025-53397MedJul 11, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information…

  • CVE-2025-41442MedJul 11, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading…

  • CVE-2025-46704MedJul 11, 2025
    risk 0.28cvss 4.3epss 0.03

    A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or…

  • CVE-2022-50595Nov 6, 2025
    risk 0.00cvss epss 0.01

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the…

  • CVE-2022-50591Nov 6, 2025
    risk 0.00cvss epss 0.00

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the…

  • CVE-2022-50593Nov 6, 2025
    risk 0.00cvss epss 0.01

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the…

  • CVE-2022-50592Nov 6, 2025
    risk 0.00cvss epss 0.01

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the…

  • CVE-2022-50594Nov 6, 2025
    risk 0.00cvss epss 0.00

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’…

Page 2 of 2