12 matches found
EUVD-2020-20694
Malware in sbrugna...
CVE-2020-28210
A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...
ICSA-21-063-02_Schneider Electric EcoStruxure Building Operation (EBO)
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Building Operation Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Improper Restriction of XML External Entity...
CVE-2020-28210
A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...
CVE-2020-28210
A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...
Cross site scripting
A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...
CVE-2020-28210
CVE-2020-28210 is a Cross-Site Scripting (CWE-79) vulnerability in EcoStruxure Building Operation WebStation (V2.0–V3.1). The root cause is improper input neutralization during webpage generation, enabling an authenticated remote user to inject HTML/JavaScript into other WebReport users’ browsers...
CVE-2020-28210
A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...
CVE-2020-28210
A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...
Schneider Electric EcoStruxure Building Operation WebStation 跨站脚本漏洞
The EcoStruxure Building Operation WebStation is a web-based user interface for daily operations in the EcoStruxure BMS. A cross-site scripting vulnerability exists in EcoStruxure Building Operation WebStation 2.0 - 3.1. An attacker can exploit this vulnerability to inject HTML and JavaScript cod...
PT-2019-6004
Name of the Vulnerable Software and Affected Versions EcoStruxure Building Operation WebStation versions 2.0 through 3.1 Description A Cross-site Scripting issue exists due to improper neutralization of input during web page generation, allowing an attacker to inject HTML and JavaScript code into...
[Full-disclosure] [CIRT.DK - Advisory 37] TAC Vista Webstation 3.0 Directory Traversal bug in webinterface
TAC Vista is based on open technologies, TAC VistaR is one of the most advanced software solutions for building automation. TAC Vista efficiently and economically controls, checks and analyzes all building operations, allowing system operators to control and monitor entire systems on site or from...