Cross-Site Scripting Vulnerability in Wibu-Systems CodeMeter
CVE-2017-13754

5.4MEDIUM

Key Information:

Vendor

Wibu

Status
Codemeter
Vendor
CVE Published:
7 September 2017

What is CVE-2017-13754?

A cross-site scripting (XSS) vulnerability existed in the 'advanced settings - time server' module of Wibu-Systems CodeMeter prior to version 6.50b. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into the application through the 'server name' field in the actions/ChangeConfiguration.html page, potentially compromising user interactions and data integrity.

References

https://www.vulnerability-lab.com/get_content.php?id=2074
x_refsource_MISC
https://rockwellautomation.custhelp.com/app/answers/detai...
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/541119/100/0/threaded
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.