OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 09:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://1d8.github.io/cves/cve_2024_37741/ - Exploit | |
References | () https://github.com/thiagoralves/OpenPLC_v3/blob/9cd8f1b53a50f9d38708096bfc72bcbb1ef47343/webserver/pages.py#L992 - Product | |
References | () https://github.com/thiagoralves/OpenPLC_v3/issues/242 - Exploit, Issue Tracking |
03 Jul 2024, 14:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://1d8.github.io/cves/cve_2024_37741/ - Exploit | |
References | () https://github.com/thiagoralves/OpenPLC_v3/blob/9cd8f1b53a50f9d38708096bfc72bcbb1ef47343/webserver/pages.py#L992 - Product | |
References | () https://github.com/thiagoralves/OpenPLC_v3/issues/242 - Exploit, Issue Tracking | |
CPE | cpe:2.3:o:openplcproject:openplc_v3_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:* |
|
First Time |
Openplcproject openplc V3 Firmware
Openplcproject openplc V3 Openplcproject |
03 Jul 2024, 02:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
Summary |
|
28 Jun 2024, 13:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-28 13:15
Updated : 2024-11-21 09:24
NVD link : CVE-2024-37741
Mitre link : CVE-2024-37741
CVE.ORG link : CVE-2024-37741
JSON object : View
Products Affected
openplcproject
- openplc_v3_firmware
- openplc_v3
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')