exploitDog

GHSA-v33q-q39m-425m

Опубликовано: 08 авг. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.6

Описание

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.

Ссылки

EPSS

Процентиль: 69%

0.00613

Низкий

9.6 Critical

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-3526

CVSS3: 9.6

nvd

больше 2 лет назад

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.

BDU:2023-06129

CVSS3: 9.6

fstec

больше 2 лет назад

Уязвимость микропрограммного обеспечения маршрутизаторов PHOENIX CONTACT TC ROUTER, TC CLOUD CLIENT и CLOUD CLIENT, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 69%

0.00613

Низкий

9.6 Critical

CVSS3

CVE ID

Дефекты

CWE-79