CVE-2016-2279 – Rockwell Scada System 27.011 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2016-2279

Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el servidor web en Rockwell Automation Allen-Bradley CompactLogix 1769-L* en versiones anteriores a 28.011+ permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. Rockwell Scada System version 27.011 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44626 http://www.securitytracker.com/id/1035190 https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •