iSee857/ilevia-EVE-X1-Server-CSRF
GitHub
Releases0
ilevia EVE X1 Server /bh_web_backend.The presence of DOM-based XSS combined with CSRF can access internal system data and execute JavaScript code.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 9.6 CRITICAL | — | ||
Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /bh_web_backend component | |||
| 6.1 MEDIUM | — | ||
Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /index.php component | |||