Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/106105 | Third Party Advisory VDB Entry |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02 | Third Party Advisory US Government Resource |
| http://www.securityfocus.com/bid/106105 | Third Party Advisory VDB Entry |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 03:56
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securityfocus.com/bid/106105 - Third Party Advisory, VDB Entry | |
| References | () https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02 - Third Party Advisory, US Government Resource |
Information
Published : 2018-12-04 21:29
Updated : 2024-11-21 03:56
NVD link : CVE-2018-18991
Mitre link : CVE-2018-18991
CVE.ORG link : CVE-2018-18991
JSON object : View
Products Affected
spidercontrol
- scada_webserver
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')