Cross-Site Scripting Vulnerability in Moxa EDS-405A and EDS-408A Switches
CVE-2015-6466

Currently unrated

Key Information:

Vendor: Moxa
Status: Eds-405a Firmware; Eds-408a Firmware
Vendor: CVE Published:; 11 September 2015

Summary

Remote attackers can exploit a cross-site scripting vulnerability in the Diagnosis Ping feature of the administrative web interface in Moxa EDS-405A and EDS-408A switches. This flaw, present in firmware versions prior to 3.6, allows injection of arbitrary web script or HTML through an unspecified field. Successful exploitation can lead to unauthorized actions, compromise integrity, and potentially allow attackers to gain access to sensitive information.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-246-03

x_refsource_MISC

http://www.moxa.com/support/download.aspx?type=support&id...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 11, 2015
Vulnerability Reserved
Aug 17, 2015