{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T18:17:58.707","vulnerabilities":[{"cve":{"id":"CVE-2020-27262","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2021-01-08T16:15:14.967","lastModified":"2024-11-21T05:20:57.790","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (XSS) vulnerability exists in the affected products that allow an attacker to inject arbitrary web script or HTML via the filename parameter to multiple update endpoints of the administrative web interface."},{"lang":"es","value":"Innokas Yhtymä Oy Vital Signs Monitor VC150 anterior a versión  1.7.15. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en los productos afectados que permiten a un atacante inyectar script web o HTML arbitrario por medio del parámetro filename en múltiples endpoints de actualización de la interfaz web administrativa"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:innokasmedical:vital_signs_monitor_vc150_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.15","matchCriteriaId":"6B12A592-BEC0-40A4-9121-D546391D039E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:innokasmedical:vital_signs_monitor_vc150:-:*:*:*:*:*:*:*","matchCriteriaId":"B6319D79-50F3-4A2C-81DC-FF09E97656A9"}]}]}],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsma-21-007-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsma-21-007-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}