Lucene search
HistoryFeb 05, 2024 - 6:15 p.m.
CVE-2023-6028
cve-2023-6028
cross-site scripting
remote attacker
arbitrary code execution
browser session
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.2%
A reflected
cross-site scripting (XSS) vulnerability exists in the SVG version of System
Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that
enables a remote attacker to execute arbitrary JavaScript code in the context
of the attacked userβs browser session.
Affected configurations
Node
br-automationautomation_runtimeRange<i4.93
| Vendor | Product | Version | CPE |
|---|---|---|---|
| br-automation | automation_runtime | * | cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2023-6028 SDM Web interface vulnerable to XSS
2024-02-05 17:33:34
prion
prion
Cross site scripting
2024-02-05 18:15:00
cve
cve
CVE-2023-6028
2024-02-05 18:15:51
cvelist
cvelist
CVE-2023-6028 SDM Web interface vulnerable to XSS
2024-02-05 17:33:34
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.2%
Related for NVD:CVE-2023-6028