CVE-2017-5157

Опубликовано: 13 фев. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.

Ссылки

http://www.securityfocus.com/bid/95665
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/95665
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:schneider_electric:homelynk_controller_lss100100_firmware:1.3.0:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:homelynk_controller_lss100100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gv48-2p75-gw7r