CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11450
https://notcve.org/view.php?id=CVE-2018-11450
A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected. Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en Siemens PLM Software TEAMCENTER (V9.1.2.5). Si un usuario visita el portal de inicio de sesión mediante la URL manipulada por el atacante, el atacante puede insertar HTML/JavaScript y alterar o rescribir la página del portal de inicio de sesión. • https://github.com/LucvanDonk/Siemens-Siemens-PLM-Software-TEAMCENTER-Reflected-Cross-Site-Scripting-XSS-vulnerability/wiki • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •