CVE-2018-18985

🗓️ 29 Jan 2019 16:00:00Reported by icscertType

Tridium Niagara Enterprise Security and Niagara AX versions prior to specified are vulnerable to cross-site scripting, impacting confidentiality

Reporter	Title	Published	Views	Family All 9
CNVD	TRIDIUM Niagara Enterprise Security, Niagara AX and Niagara Cross-Site Scripting Vulnerabilities	15 Jan 201900:00	–	cnvd
CVE	CVE-2018-18985	29 Jan 201916:00	–	cve
EUVD	EUVD-2018-10689	7 Oct 202500:30	–	euvd
ICS	ICSA-18-333-02_Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4	29 Nov 201800:00	–	ics
NVD	CVE-2018-18985	29 Jan 201916:29	–	nvd
OSV	CVE-2018-18985	29 Jan 201916:29	–	osv
Tenable Nessus	Tridium Niagara Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	10 Aug 202000:00	–	nessus
Tenable Nessus	Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 Improper Neutralization of Input During Web Page Generation (CVE-2018-18985)	21 Mar 202300:00	–	nessus
Prion	Cross site scripting	29 Jan 201916:29	–	prion

[
  {
    "product": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4",
    "vendor": "Tridium",
    "versions": [
      {
        "status": "affected",
        "version": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/106530
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-18-333-02

31 Jan 2019 23:57Current

5.3Medium risk

Vulners AI Score5.3

EPSS0.00112

CWE-79