CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8477 – ABB System 800xA Information Manager Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-8477
22 Apr 2020 — The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. Las instalaciones de ABB System 800xA Information Manager versiones 5.1, versiones 6.0 hasta 6.0.3.2 y versión 6.1, contienen incorrectamente un componente auxiliar. Un atacante puede usar esto para un ataque de tipo XSS hacia un usuario lo... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-489: Active Debug Code •