exploitDog

CVE-2025-34080

Опубликовано: 01 июл. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross-Site Scripting (XSS) in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System (CHS): before 3.7.7.

Ссылки

https://jvn.jp/en/vu/JVNVU92266386/
Third Party Advisory
https://www.vulncheck.com/advisories/conprosys-hmi-system-reflected-xss

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*

Версия до 3.7.7 (исключая)

EPSS

Процентиль: 13%

0.00044

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8249-348w-qmmh

CVSS3: 6.1

github

7 месяцев назад

The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross-Site Scripting (XSS) in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System (CHS): before 3.7.7.

EPSS

Процентиль: 13%

0.00044

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79