NotCVE - vendor:"Siemens" product:"Spectrum Power 5"

2 results (0.001 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-7579

https://notcve.org/view.php?id=CVE-2020-7579

10 Mar 2020 — A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to recommended system configuration, Siemens consideres the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1). Se ha identificado una vulnerabilidad en Spectrum Power™ 5 (Todas las versiones anteriores a v5.50 HF02... • https://cert-portal.siemens.com/productcert/pdf/ssa-938930.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-10933

https://notcve.org/view.php?id=CVE-2019-10933

11 Jul 2019 — A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not... • https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •