1 results (0.010 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. Las instalaciones de ABB System 800xA Information Manager versiones 5.1, versiones 6.0 hasta 6.0.3.2 y versión 6.1, contienen incorrectamente un componente auxiliar. Un atacante puede usar esto para un ataque de tipo XSS hacia un usuario local autenticado, lo que podría conllevar a una ejecución de código arbitrario. • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-489: Active Debug Code •