exploitDog

CVE-2019-11370

Опубликовано: 03 июн. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.

Ссылки

https://drive.google.com/open?id=1WkmtsCVNCtxwWH2fe9DtHow_Nedp1a7j
Exploit
Third Party Advisory
https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11370
Exploit
Third Party Advisory
https://drive.google.com/open?id=1WkmtsCVNCtxwWH2fe9DtHow_Nedp1a7j
Exploit
Third Party Advisory
https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11370
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:carel:pcoweb_card_firmware:*:*:*:*:*:*:*:*

Версия до b1.2.4 (исключая)

cpe:2.3:h:carel:pcoweb_card:-:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07622

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-pfc4-fr5v-j7rh

CVSS3: 5.4

github

больше 3 лет назад

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.

EPSS

Процентиль: 92%

0.07622

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79