Lucene search

[email protected]NVD:CVE-2024-6528

HistoryJul 11, 2024 - 9:15 a.m.

CVE-2024-6528

2024-07-1109:15:04

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-6528

cross-site scripting

input neutralization

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.3%

JSON

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site
Scripting’) vulnerability exists that could cause a vulnerability leading to a cross-site scripting
condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a
page containing the injected payload.

Affected configurations

Nvd

Node

schneider-electricmodicon_m241_firmware

AND

schneider-electricmodicon_m241Match-

Node

schneider-electricmodicon_m251_firmware

AND

schneider-electricmodicon_m251Match-

Node

schneider-electricmodicon_m258_firmware

AND

schneider-electricmodicon_m258Match-

Node

schneider-electricmodicon_m262_firmware

AND

schneider-electricmodicon_m262Match-

Node

schneider-electricmodicon_lmc058_firmware

AND

schneider-electricmodicon_lmc058Match-

VendorProductVersionCPE
schneider-electricmodicon_m241_firmware*cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m241-cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*
schneider-electricmodicon_m251_firmware*cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m251-cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*
schneider-electricmodicon_m258_firmware*cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m258-cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*
schneider-electricmodicon_m262_firmware*cpe:2.3:o:schneider-electric:modicon_m262_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m262-cpe:2.3:h:schneider-electric:modicon_m262:-:*:*:*:*:*:*:*
schneider-electricmodicon_lmc058_firmware*cpe:2.3:o:schneider-electric:modicon_lmc058_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_lmc058-cpe:2.3:h:schneider-electric:modicon_lmc058:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	modicon_m241_firmware	*	cpe:2.3:o:schneider-electric:modicon_m241_firmware::::::::
schneider-electric	modicon_m241	-	cpe:2.3:h:schneider-electric:modicon_m241:-:::::::*
schneider-electric	modicon_m251_firmware	*	cpe:2.3:o:schneider-electric:modicon_m251_firmware::::::::
schneider-electric	modicon_m251	-	cpe:2.3:h:schneider-electric:modicon_m251:-:::::::*
schneider-electric	modicon_m258_firmware	*	cpe:2.3:o:schneider-electric:modicon_m258_firmware::::::::
schneider-electric	modicon_m258	-	cpe:2.3:h:schneider-electric:modicon_m258:-:::::::*
schneider-electric	modicon_m262_firmware	*	cpe:2.3:o:schneider-electric:modicon_m262_firmware::::::::
schneider-electric	modicon_m262	-	cpe:2.3:h:schneider-electric:modicon_m262:-:::::::*
schneider-electric	modicon_lmc058_firmware	*	cpe:2.3:o:schneider-electric:modicon_lmc058_firmware::::::::
schneider-electric	modicon_lmc058	-	cpe:2.3:h:schneider-electric:modicon_lmc058:-:::::::*