CERTVDECVELIST:CVE-2021-34582CVE-2021-34582 Phoenix Contact: FL MGUARD XSS through web-based management and REST API
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.9%
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.
CNA Affected
[
{
"product": "FL MGUARD",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "FL MGUARD 1102 (No. 1153079)*",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
},
{
"lessThan": "FL MGUARD 1105 (No. 1153078)*",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
}
]
}
]References
Related
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.9%