Phoenix Contact: FL MGUARD XSS through web-based management and REST API
CVE-2021-34582

4.8MEDIUM

Key Information:

Vendor: Phoenix Contact
Status: Fl Mguard
Vendor: CVE Published:; 10 November 2021

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2021-34582?

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.

Affected Version(s)

FL MGUARD 1.4.0

References

https://cert.vde.com/en/advisories/VDE-2021-046/

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2021
Vulnerability Reserved
Jun 10, 2021