The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser. This leads to a limited impact on confidentiality and integrity but no impact on availability.
Max CVSS: 6.1 | EPSS Score: 0.06% | Published: 2023-02-27 | Updated: 2023-03-08
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-03-09 | Updated: 2022-03-18
In multiple managed switches by WAGO, in different versions, an attacker may trick a legitimate user into clicking a link in order to inject possibly malicious code into the Web-Based Management.
Max CVSS: 8.8 | EPSS Score: 0.08% | Published: 2021-05-13 | Updated: 2021-05-20
An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact on confidentiality and integrity but no impact on availability.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2024-03-13 | Updated: 2024-03-13
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2018-10-12 | Updated: 2019-05-13
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending specially crafted requests to the web server, which allows code to be injected within the WBM. The code will be rendered and/or executed in the user's browser.
Max CVSS: 5.4 | EPSS Score: 0.44% | Published: 2018-07-12 | Updated: 2021-05-20
6 vulnerabilities found