CVE-2018-11450
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected.
Timeline
- 2018-05-25 CVE Reserved
- 2018-07-09 CVE Published
- 2024-05-06 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (1)
URL | Date | SRC |
---|---|---|
https://github.com/LucvanDonk/Siemens-Siemens-PLM-Software-TEAMCENTER-Reflected-Cross-Site-Scripting-XSS-vulnerability/wiki | 2024-09-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Siemens | Teamcenter Product Lifecycle Management | <= 9.1.2.5 | - | Affected |