The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user’s session.
CPE | Name | Operator | Version |
---|---|---|---|
x-301-24i_firmware | eq | 1.15 | |
x-301-i_firmware | eq | 1.15 | |
x-332-24i_firmware | eq | 1.06 |