CVE-2015-6477

Nordex NC2 (Wind Farm Portal) web-based SCADA NC2, version 16 and earlier, contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject and execute arbitrary script in a victim’s browser via the NC2 web interface (notably the login parameter). Root cause is i...