CVE-2023-6333 – Cross-site Scripting in ControlByWeb Relays
https://notcve.org/view.php?id=CVE-2023-6333
The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious JavaScript code during a user's session. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23553 – X-400 Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-23553
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23551 – X-600M Code Injection
https://notcve.org/view.php?id=CVE-2023-23551
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2018-18882
https://notcve.org/view.php?id=CVE-2018-18882
A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. • http://www.securityfocus.com/bid/106655 • https://applied-risk.com/labs/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18881
https://notcve.org/view.php?id=CVE-2018-18881
A Denial of Service (DoS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP-based communications to the device. A physical factory reset is required to restore the device to an operational state. • http://www.securityfocus.com/bid/106655 • https://applied-risk.com/labs/advisories