3 matches found
CVE-2021-43932
CVE-2021-43932 affects Elcomplus SmartPTT SCADA Server (notably SmartPTT SCADA Server v1.4) where an attacker can inject JavaScript into a parameter that executes when accessing the dashboard or main page. Root cause: CWE-79 (Cross‑Site Scripting) due to improper input neutralization. Impact per ...
CVE-2021-43932 Elcomplus SmartPtt Cross-site Scripting
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page...
Elcomplus SmartPTT SCADA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor: Elcomplus Equipment: SmartPTT Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, Cross-site Scripting 2. RISK EVALUATION Successful exploitation...