exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
References
Link | Resource |
---|---|
https://us-cert.gov/ics/advisories | Third Party Advisory US Government Resource |
https://www.johnsoncontrols.com/cyber-solutions/security-advisories | Vendor Advisory |
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-01 | Third Party Advisory US Government Resource |
Configurations
Information
Published : 2021-06-24 07:15
Updated : 2021-09-20 11:48
NVD link : CVE-2021-27659
Mitre link : CVE-2021-27659
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
johnsoncontrols
- exacqvision_web_service