Cross-Site Scripting Vulnerability in ScadaBR by Mister Alfa
CVE-2019-16321

6.1MEDIUM

Key Information:

Vendor: Scadabr
Status: Scadabr
Vendor: CVE Published:; 15 September 2019

What is CVE-2019-16321?

ScadaBR versions 1.0CE and 1.1.x up to 1.1.0-RC are susceptible to a Cross-Site Scripting (XSS) vulnerability. This issue arises when an attacker sends a request for a nonexistent resource, specifically targeting the dwr/test/ PATH_INFO. If exploited, this vulnerability could allow malicious actors to inject scripts, potentially compromising user data and web application integrity.

References

https://misteralfa-hack.blogspot.com/2019/09/scadabr-scad...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2019
Vulnerability Reserved
Sep 15, 2019

JSON

Scadabr

What is CVE-2019-16321?

References

CVSS V3.1

Timeline