8.8
CVE-2024-41725
- EPSS 0.35%
- Veröffentlicht 25.09.2024 01:15:41
- Zuletzt bearbeitet 30.09.2024 19:55:49
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginDover Fueling Solutions ProGauge MAGLINK LX CONSOLE Cross-site Scripting
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Doverfuelingsolutions ≫ Progauge Maglink Lx Console Firmware Version <= 3.4.2.2.6
Doverfuelingsolutions ≫ Progauge Maglink Lx4 Console Firmware Version <= 4.17.9e
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.268 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| ics-cert@hq.dhs.gov | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ics-cert@hq.dhs.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04