16 matches found
The vulnerability of the MODULYS GP (MOD3GP-SY-120K) module-based power supply management web application allows an attacker to perform arbitrary actions.
The vulnerability of the MODULYS GP MOD3GP-SY-120K web-based management application relates to its dependence on cookie files without any checks for their validity and integrity. Exploiting this vulnerability could allow an attacker to perform arbitrary actions remotely...
CVE-2023-38582
Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAILRCV. When a legitimate user attempts to access the vulnerable page of the web application, the X...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAILRCV. When a legitimate user attempts to access the vulnerable page of...
CVE-2023-38255 Socomec MOD3GP-SY-120K Cross-site Scripting
A potential attacker with or without cookie theft access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device...
CVE-2023-38582 Socomec MOD3GP-SY-120K Cross-site Scripting
Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAILRCV. When a legitimate user attempts to access the vulnerable page of the web application, the X...
CVE-2023-38582 Socomec MOD3GP-SY-120K Cross-site Scripting
Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAILRCV. When a legitimate user attempts to access the vulnerable page of the web application, the X...
CVE-2023-38582
MOD3GP-SY-120K (MODULYS GP) web firmware v01.12.10 is affected by a persistent cross-site scripting (XSS) flaw in the MAIL_RCV field that allows an authenticated remote attacker to inject arbitrary JavaScript, executed when a user loads the vulnerable page. Affected product is the MOD3GP-SY-120K ...
CVE-2023-39446 Socomec MOD3GP-SY-120K Cross-Site Request Forgery
Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application...
CVE-2023-39446 Socomec MOD3GP-SY-120K Cross-Site Request Forgery
Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application...
CVE-2023-40221 Socomec MOD3GP-SY-120K Code Injection
The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section MAIL SERVER where the information is displayed. Injection can be done on...
CVE-2023-40221 Socomec MOD3GP-SY-120K Code Injection
The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section MAIL SERVER where the information is displayed. Injection can be done on...
CVE-2023-41084 Socomec MOD3GP-SY-120K Reliance on Cookies without Validation and Integrity Checking
Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device...
CVE-2023-41965 Socomec MOD3GP-SY-120K Insecure Storage of Sensitive Information
Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process...
CVE-2023-41965 Socomec MOD3GP-SY-120K Insecure Storage of Sensitive Information
Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process...
Socomec MOD3GP-SY-120K
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Socomec Equipment: MOD3GP-SY-120K Vulnerabilities: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Storage of Sensitive Information, Reliance on Cookies without Validation and...
PT-2023-5299 · Unknown · Modulys Gp
Name of the Vulnerable Software and Affected Versions: MODULYS GP MOD3GP-SY-120K (affected versions not specified). Description: The issue is related to incorrect session management within the web application, allowing attackers to steal session cookies and perform various actions on the device. Thi...