6 matches found
CVE-2018-16061
Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATHINFO to login.php...
Mitsubishi Electric SmartRTU Cross-site Scripting (CVE-2018-16061)
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATHINFO to login.php. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Mitsubishi Electric / INEA SmartRTU Cross Site Scripting
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 Po...
Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting Vulnerability
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 PoC Request POST...
Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 Po...
CVE-2018-16061
Summary: CVE-2018-16061 affects Mitsubishi Electric SmartRTU devices, enabling cross‑site scripting via the username parameter or PATH_INFO to login.php. Root cause: likely lack of proper validation/escaping on login.php inputs (insufficient input sanitization). Impact: XSS in the SmartRTU web in...