Schneider Electric NetBotz Cross-Site Scripting Vulnerability

2023-04-2100:00:00

China National Vulnerability Database

www.cnvd.org.cn

schneider electric

netbotz

xss

vulnerability

monitoring

solution

physical

environmental

human threats

filtering

authentication

credentials

attacker

exploit

steal

0.0005 Low

EPSS

Percentile

18.4%

JSON

Schneider Electric NetBotz is a proactive monitoring solution from Schneider Electric, France. It is designed to protect against physical, environmental or human threats that can cause disruption or downtime to IT infrastructure. Schneider Electric NetBotz suffers from a cross-site scripting vulnerability that stems from the application’s lack of effective filtering and escaping of user-supplied data, which could be exploited by an attacker to steal a victim’s cookie-based authentication credentials.

CPENameOperatorVersion
schneider electric netbotz 4-355 <=veq4.7.0
schneider electric netbotz 4-450 <=veq4.7.0
schneider electric netbotz 4-455 <=veq4.7.0
schneider electric netbotz 4-550 <=veq4.7.0
schneider electric netbotz 4-570 <=veq4.7.0

Name	Operator	Version
schneider electric netbotz 4-355 <=v	eq	4.7.0
schneider electric netbotz 4-450 <=v	eq	4.7.0
schneider electric netbotz 4-455 <=v	eq	4.7.0
schneider electric netbotz 4-550 <=v	eq	4.7.0
schneider electric netbotz 4-570 <=v	eq	4.7.0

0.0005 Low

EPSS

Percentile

18.4%

JSON

Related for CNVD-2023-55388