9.6
CVE-2023-3526
- EPSS 0.67%
- Veröffentlicht 08.08.2023 07:15:10
- Zuletzt bearbeitet 21.11.2024 08:17:27
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginPHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phoenixcontact ≫ Cloud Client 1101t-tx Firmware Version < 2.06.10
Phoenixcontact ≫ Tc Cloud Client 1002-4g Att Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Cloud Client 1002-4g Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Cloud Client 1002-4g Vzw Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Att Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Vzw Firmware Version < 2.07.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.715 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.