Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.
Múltiples vulnerabilidades de XSS en los dispositivos controladores Honeywell FALCON XLWeb Linux 2.04.01 y anteriores y los dispositivos controladores FALCON XLWeb XLWebExe 2.02.11 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrariios a través de entradas inválidas.
AV:N/AC:M/Au:N/C:N/I:P/A:N
| Access Vector | NETWORK |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-79
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| honeywell | falcon_xlweb_linux_controller | * | <built-in method update of dict object at 0x7c3bf291d6c0> | Hardware |
| honeywell | falcon_xlweb_xlwebexe | * | <built-in method update of dict object at 0x7c3bf3b4f080> | Hardware |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:h:honeywell:falcon_xlweb_linux_controller:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:h:honeywell:falcon_xlweb_xlwebexe:*:*:*:*:*:*:*:* |