Cross site scripting

2022-05-1618:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.9%

JSON

xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code.

CPENameOperatorVersion
xarrowle7.2

CPE	Name	Operator	Version
	xarrow	le	7.2

References

www.cisa.gov/uscert/ics/advisories/icsa-21-229-03