Description
Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option.
References
- Patch, Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 6.31.0010
In combination
cpe:2.3:o:bosch:videojet_multi_4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:videojet_multi_4000:-:*:*:*:*:*:*:*
EPSS
Percentile: 47%
0.00237
Low
5.1 Medium
CVSS3
4.8 Medium
CVSS3
Weaknesses
CWE-79
CWE-79
Related vulnerabilities
CVSS3: 4.8
github
more than 3 years ago
Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option.