Cross-Site Scripting Vulnerability in Schneider Electric U.motion Products
CVE-2019-6835
5.4MEDIUM
What is CVE-2019-6835?
A Cross-Site Scripting (XSS) vulnerability in Schneider Electric's U.motion Server can allow attackers to inject malicious client-side scripts. This risk emerges when users visit compromised web pages associated with the affected U.motion products, leading to potential exploitation of user sessions and extraction of sensitive information.
Affected Version(s)
U.motion Server MEG6501-0001 - U.motion KNX server
U.motion Server MEG6501-0002 - U.motion KNX Server Plus
U.motion Server MEG6260-0410 - U.motion KNX Server Plus