Mango Automation

mango_automation

Vendor: Infinite Automation Systems • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-7904 1Infinite Automation Systems 1Mango Automation May 6, 2026 Oct 28, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an...Show more Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.Show less
CVE-2015-7903 1Infinite Automation Systems 1Mango Automation May 6, 2026 Oct 28, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-7902 1Infinite Automation Systems 1Mango Automation May 6, 2026 Oct 28, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive info...Show more Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.Show less
CVE-2015-7901 1Infinite Automation Systems 1Mango Automation May 6, 2026 Oct 28, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2015-7900 1Infinite Automation Systems 1Mango Automation May 6, 2026 Oct 28, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain...Show more Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.Show less
CVE-2015-6494 1Infinite Automation Systems 1Mango Automation May 6, 2026 Oct 28, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6493 1Infinite Automation Systems 1Mango Automation May 6, 2026 Oct 28, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via un...Show more Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.Show less
CVE-2015-1179 1Infinite Automation Systems 1Mango Automation May 6, 2026 Jan 26, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid p...Show more Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.Show less