Cross site scripting

2019-01-2916:29:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

23.5%

JSON

Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.

CPENameOperatorVersion
niagarage4.6
niagaralt4.6.96.28.4
niagaraeq4.4.0-u2
niagaralt4.4.93.40.2
niagara_ax_frameworkeq3.8.0-u4
niagara_ax_frameworklt3.8.401.1
niagara_enterprise_securitylt2.3.118.6
niagara_enterprise_securityeq2.3.0-u1

Name	Operator	Version
niagara	ge	4.6
niagara	lt	4.6.96.28.4
niagara	eq	4.4.0-u2
niagara	lt	4.4.93.40.2
niagara_ax_framework	eq	3.8.0-u4
niagara_ax_framework	lt	3.8.401.1
niagara_enterprise_security	lt	2.3.118.6
niagara_enterprise_security	eq	2.3.0-u1

References

www.securityfocus.com/bid/106530

ics-cert.us-cert.gov/advisories/ICSA-18-333-02

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for PRION:CVE-2018-18985