Cross Site Scripting (XSS)
CVE-2024-6516
6.1 MEDIUM
What is CVE-2024-6516?
A Cross Site Scripting (XSS) vulnerability has been identified in ABB's ASPECT and NEXUS Series products, allowing for the injection of malicious scripts into client browsers. An attacker could use it to execute arbitrary JavaScript code in the context of the user's browser, compromising sensitive data and user sessions. Affected versions include ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02. Organizations utilizing these products should prioritize remediation strategies to mitigate potential exploits.
Affected Version(s)
ASPECT-Enterprise Linux 0 <= 3.08.01
MATRIX Series Linux 0 <= 3.08.01
NEXUS Series Linux 0 <= 3.08.01
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure.
