Cross site scripting

2012-05-2216:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.

CPENameOperatorVersion
kerweble3.0
kerwinle6.0

CPE	Name	Operator	Version
	kerweb	le	3.0
	kerwin	le	6.0

References

secunia.com/advisories/49041

www.securityfocus.com/bid/53409

www.phocean.net/2012/05/08/cve-2012-1990-kerwebkerwin-xss-vulnerabilities.html