4 matches found
CVE-2023-28651
Cross-site scripting vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is...
CVE-2023-28651
Cross-site scripting vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is...
Remote Code Execution in "Import Settings" feature
Description: Due to improper data validation in the "Import Settings" feature, an authenticated attacker can send crafted settings with a malicious payload inside the "system.croncmdline" value. Steps to reproduce: Requirement: PHP code must be executed on the attacker machine - Step 1: Attacker runs a web server an...
PT-2022-3201 · Unknown · Igss Data Server
Name of the Vulnerable Software and Affected Versions: IGSS Data Server - IGSSdataServer.exe versions prior to V15.0.0.22170 Description: A buffer copy without checking the size of input vulnerability exists, potentially leading to a stack-based buffer overflow and remote code execution when an...