CVE-2012-1990

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:schneider-electric:kerweb:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:kerwin:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-05-22 16:55

Updated : 2024-02-28 12:00


NVD link : CVE-2012-1990

Mitre link : CVE-2012-1990

CVE.ORG link : CVE-2012-1990


JSON object : View

Products Affected

schneider-electric

  • kerweb
  • kerwin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')