CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting
condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a
page containing the injected payload.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
12 Jul 2024, 16:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Schneider-electric modicon Lmc058
Schneider-electric modicon Lmc058 Firmware Schneider-electric modicon M262 Schneider-electric modicon M262 Firmware Schneider-electric modicon M241 Firmware Schneider-electric modicon M251 Firmware Schneider-electric modicon M258 Schneider-electric Schneider-electric modicon M251 Schneider-electric modicon M258 Firmware Schneider-electric modicon M241 |
|
References | () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-04.pdf - Vendor Advisory | |
CPE | cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:modicon_m262_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:modicon_lmc058:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:modicon_m262:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:modicon_lmc058_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:* |
11 Jul 2024, 13:05
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Jul 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-11 09:15
Updated : 2024-07-12 16:37
NVD link : CVE-2024-6528
Mitre link : CVE-2024-6528
CVE.ORG link : CVE-2024-6528
JSON object : View
Products Affected
schneider-electric
- modicon_m251_firmware
- modicon_m262_firmware
- modicon_m241_firmware
- modicon_lmc058
- modicon_m258_firmware
- modicon_lmc058_firmware
- modicon_m251
- modicon_m241
- modicon_m258
- modicon_m262
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')