CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0976
https://notcve.org/view.php?id=CVE-2015-0976
03 Apr 2015 — Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Inductive Automation Ignition 7.7.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0991
https://notcve.org/view.php?id=CVE-2015-0991
03 Apr 2015 — Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. Inductive Automation Ignition 7.7.2 permite a atacantes remotos obtener información sensible mediante la lectura de un mensaje de error sobre una excepción no manejado, tal y como fue demostrado por la información de nombres de rutas. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •