nc2.ca Cross Site Scripting vulnerability OBB-3345748

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2015-6477

Nordex NC2 (Wind Farm Portal) web-based SCADA NC2, version 16 and earlier, contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject and execute arbitrary script in a victim’s browser via the NC2 web interface (notably the login parameter). Root cause is i...

Nordex NC2 'username' Parameter Cross Site Scripting Vulnerability

Nordex NC2 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2014-5408

CVE-2014-5408 is a reflected XSS in the Nordex NC2 Wind Farm Portal login script (username parameter) affecting NC2 v15 and earlier. The vulnerability, exploitable remotely, can cause a user’s browser to execute arbitrary script/HTML; OpenVAS notes the potential to read cookies during exploitatio...