CVE-2015-0976
published 2015-04-03CVE-2015-0976: Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.14%
62.6th percentile
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inductiveautomation | ignition | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Inductive Automation Ignition Vulnerabilities
cisa_ics·2018-08-27
Inductive Automation Ignition Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Inductive Automation Ignition Vulnerabilities
Last RevisedAugust 27, 2018
Alert CodeICSA-15-090-01
## OVERVIEW
Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai of Positive Technologies have identified several vulnerabilities in Inductive Automation’s Ignition Software. Inductive Automation has produced a patch that mitigates these vulnerabilities.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following Inductive Automation product is affected:
- Inductive Automation Ignition 7.7.2
## IMPACT
Impact to individual organizations depe
GHSA
GHSA-9vww-crq7-mh6j: Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7
ghsa_unreviewed·2022-05-17
CVE-2015-0976 [MEDIUM] CWE-79 GHSA-9vww-crq7-mh6j: Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-04-03
Published