Cross site scripting

2014-08-2014:55:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors.

CPENameOperatorVersion
technik_microcontrol_firmwareeq1.7.937

CPE	Name	Operator	Version
	technik_microcontrol_firmware	eq	1.7.937

References

seclists.org/fulldisclosure/2014/Jul/40

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt