Описание
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded.
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-27448
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.endress.com
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf
Связанные уязвимости
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded.
Уязвимость компонента Dashboard микропрограммного обеспечения промышленного цифрового газоанализатора MEAC300-FNADE4, позволяющая нарушителю проводить межсайтовые сценарные атаки