Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-12774
HistoryJun 07, 2019 - 4:29 p.m.

CVE-2019-12774

2019-06-0716:29:00
CWE-79
[email protected]
web.nvd.nist.gov
37
cve-2019-12774
stored xss
vulnerability
enttec datagate
mk2
web configuration
unauthenticated threat actor

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description field in JSON data to the Profile Editor.

Affected configurations

NVD
Node
enttecdatagate_mk2_firmwareMatch7004405032019-482
AND
enttecdatagate_mk2Match-
Node
enttecstorm_24_firmwareMatch7004405032019-482
AND
enttecstorm_24Match-
Node
enttecpixelator_firmwareMatch7004405032019-482
AND
enttecpixelatorMatch-
Node
enttece-streamer_mk2_firmwareMatch7004405032019-482
AND
enttece-streamer_mk2Match-

Related

nvd 1
prion 1
cvelist 1
ics 1
nvd
nvd
CVE-2019-12774
2019-06-07 16:29:00
prion
prion
Cross site scripting
2019-06-07 16:29:00
cvelist
cvelist
CVE-2019-12774
2019-06-07 15:06:04
ics
ics
ENTTEC Lighting Controllers (Update A)
2020-09-15 12:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON
Related for CVE-2019-12774
nvd1prion1cvelist1ics1