Описание
Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Broken Link
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
- Third Party Advisory
- Third Party Advisory
- Broken Link
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:aveva:clearscada:2005:*:*:*:*:*:*:*
cpe:2.3:a:aveva:clearscada:2007:*:*:*:*:*:*:*
cpe:2.3:a:aveva:clearscada:2009:*:*:*:*:*:*:*
Конфигурация 2Версия до r4.5 (исключая)Версия до r3.9 (исключая)
Одно из
cpe:2.3:a:schneider-electric:scx_67:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:scx_68:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00543
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
EPSS
Процентиль: 67%
0.00543
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79