Описание
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
4.8 Medium
CVSS3
Дефекты
Связанные уязвимости
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.
EPSS
4.8 Medium
CVSS3