Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01 | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/68838 | |
https://www.exploit-db.com/exploits/44749/ |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-07-24 07:55
Updated : 2018-05-26 18:29
NVD link : CVE-2014-3110
Mitre link : CVE-2014-3110
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
honeywell
- falcon_xlweb_linux_controller
- falcon_xlweb_xlwebexe