Headline
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure
The application suffers from a cleartext transmission/storage of sensitive information in a Cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials through a man-in-the-middle attack.
Related news
Delta Controls enteliTOUCH 3.40.3935 Cross-Site Scripting (XSS)
Input passed to the POST parameter 'Username' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
Delta Controls enteliTOUCH 3.40.3935 Cross-Site Request Forgery (CSRF)
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.