packetstorm | Kubilay Onur Gungor | PACKETSTORM:152969
History: May 18, 2019 - 12:00 a.m.

Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting

Source: packetstormsecurity.com

EPSS: 0.001 (percentile: 48.2%)

`  
I. VULNERABILITY  
-------------------------  
httpGetSet/httpGet.htm on  
Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.  
  
II. CVE REFERENCE  
-------------------------  
CVE-2019-12167  
  
III. VENDOR  
-------------------------  
Emerson Network Power  
  
IV. TIMELINE  
-------------------------  
13/05/2019 Vulnerability discovered  
  
V. CREDIT  
-------------------------  
Kubilay Onur Gungor from Cyber Struggle  
  
VI. DESCRIPTION  
-------------------------  
Cross Site Scripting (XSS) allows clients to inject scripts into a request and  
have the server return the script to the client in the response. This occurs  
because the application is taking untrusted data and reusing it  
without performing any validation or sanitisation.  
A remote user can conduct cross-site scripting attacks.  
  
Affected Component:  
Path(inurl): /httpGetSet/httpGet.htm?  
Parameter: statusstr  
  
VII. SOLUTION  
-------------------------  
Update to the latest version.  
  
  
`
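
A defender-side check for the issue described above, as an added example that is not part of the original advisory: it scans web or proxy access logs for requests to the advisory's path whose statusstr value carries markup, including percent-encoded and double-encoded forms. The combined log format, the marker pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter named in the advisory (path compared case-insensitively).
PATH, PARAM = "/httpgetset/httpget.htm", "statusstr"
# Assumption: a legitimate status string is plain text, so markup is suspicious.
MARKUP = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.I)
# Assumption: combined-format access log with the request line in quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding (e.g. %253C)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_number, decoded_value) for markup sent in statusstr."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.lower() != PATH:
            continue
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            if key.lower() != PARAM:
                continue
            for value in values:
                decoded = fully_decode(value)
                if MARKUP.search(decoded):
                    hits.append((number, decoded))
    return hits

# Constructed sample log lines, not taken from a real device.
SAMPLE = [
    '10.0.0.5 - - [18/May/2019:10:00:01 +0000] "GET /httpGetSet/httpGet.htm?statusstr=OK HTTP/1.1" 200 512',
    '10.0.0.9 - - [18/May/2019:10:00:07 +0000] "GET /httpGetSet/httpGet.htm?statusstr=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 540',
    '10.0.0.9 - - [18/May/2019:10:00:09 +0000] "GET /httpGetSet/httpGet.htm?statusstr=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 533',
    '10.0.0.7 - - [18/May/2019:10:00:12 +0000] "GET /index.htm?statusstr=%3Cb%3E HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE):
        print(f"line {number}: statusstr={value!r}")
```

Hits are a triage signal for review, since the pattern only assumes what a normal status string looks like.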
