CVE-2018-7795

🗓️ 29 Aug 2018 20:00:00Reported by schneiderType

A Cross Protocol Injection vulnerability in Schneider Electric's PowerLogic PM5560 (prior to FW v2.5.4) allows cross site scripting attack on its web browser

Reporter	Title	Published	Views	Family All 11
Tenable Nessus	Schneider Electric PowerLogic PM5560 < 2.5.4 Cross Protocol Injection	8 May 201900:00	–	nessus
Tenable Nessus	Schneider Electric PowerLogic PM5560 Improper Neutralization of Input During Web Page Generation (CVE-2018-7795)	7 Feb 202200:00	–	nessus
CNVD	Schneider Electric PowerLogic PM5560 Cross-Site Scripting Vulnerability	30 Aug 201800:00	–	cnvd
Cvelist	CVE-2018-7795	29 Aug 201820:00	–	cvelist
EUVD	EUVD-2018-19507	7 Oct 202500:30	–	euvd
ICS	Schneider Electric PowerLogic PM5560	28 Aug 201800:00	–	ics
NVD	CVE-2018-7795	29 Aug 201820:29	–	nvd
OSV	CVE-2018-7795	29 Aug 201820:29	–	osv
Prion	Cross site scripting	29 Aug 201820:29	–	prion
ThreatPost	High-Severity Flaws Patched in Schneider Electric Products	29 Aug 201817:55	–	threatpost

NVD

Node

schneider-electric powerlogic_pm5560_firmwareRange<2.5.4

AND

schneider-electric powerlogic_pm5560Match-

[
  {
    "product": "PowerLogic - PM5560 prior to FW version 2.5.4",
    "vendor": "Schneider Electric SE",
    "versions": [
      {
        "status": "affected",
        "version": "PowerLogic - PM5560 prior to FW version 2.5.4"
      }
    ]
  }
]

Source	Link
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-18-240-03
securityfocus	www.securityfocus.com/bid/105170
schneider-electric	www.schneider-electric.com/en/download/document/SEVD-2018-228-01/

29 May 2026 18:16Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.3

CVSS 36.1

CVSS 3.15.4

EPSS0.00311

SSVC

CWE-79