Aggregates CVE and security vulnerability intelligence across all steelcase-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk ssrf, and vendor risk path handling and related problems; some flaws may lead to vendor impact file overwrite and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-7057 | RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter. | [email protected] | 6.1 | 0.24% | 2018-02-15 | 2024-11-21 |
| CVE-2018-7056 | RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action. | [email protected] | 5.3 | 0.24% | 2018-02-15 | 2024-11-21 |
| CVE-2018-7055 | GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter. | [email protected] | 7.5 | 0.37% | 2018-02-15 | 2024-11-21 |