CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
14.0%
The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user’s session.
Vendor | Product | Version | CPE |
---|---|---|---|
controlbyweb | x-332-24i_firmware | 1.06 | cpe:2.3:o:controlbyweb:x-332-24i_firmware:1.06:*:*:*:*:*:*:* |
controlbyweb | x-332-24i | - | cpe:2.3:h:controlbyweb:x-332-24i:-:*:*:*:*:*:*:* |
controlbyweb | x-301-i_firmware | 1.15 | cpe:2.3:o:controlbyweb:x-301-i_firmware:1.15:*:*:*:*:*:*:* |
controlbyweb | x-301-i | - | cpe:2.3:h:controlbyweb:x-301-i:-:*:*:*:*:*:*:* |
controlbyweb | x-301-24i_firmware | 1.15 | cpe:2.3:o:controlbyweb:x-301-24i_firmware:1.15:*:*:*:*:*:*:* |
controlbyweb | x-301-24i | - | cpe:2.3:h:controlbyweb:x-301-24i:-:*:*:*:*:*:*:* |