CVE-2015-1179
published 2015-01-26
CVE-2015-1179: Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary…
Priority P418 medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.53% (71.7th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tika | — | — |
| infinite_automation_systems | mango_automation | <= 2.4.0 | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_apache · 5.3 MEDIUM
CISA ICS
Scada-LTS Third Party Component
cisa_ics·2023-04-25·CVSS 4.3
[MEDIUM] Scada-LTS Third Party Component
ICS Advisory
## Scada-LTS Third Party Component
Release Date: April 25, 2023
Alert Code: ICSA-23-115-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Scada-LTS
- Equipment: Scada-LTS
- Vulnerability: Cross-site Scripting
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow loss of sensitive information and execution of arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Scada-LTS, an open-source HMI, are affected:
- Scada-LTS Versions 2.7.4 and prior
## 3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Scada-LTS versions 2.7.4 an
Apache
Apache tika: CVE-2015-3271
vendor_apache·CVSS 5.3
CVE-2015-3271 [MEDIUM] Apache tika: CVE-2015-3271
| CVE or Vulnerability | Description | Reporter | Affected Versions |
|---|---|---|---|
| | Remote Access to host files via tika-server | Tim Allison | 1.9?-1.10 |
| PDFBOX-2811 | Apache PDFBox - Infinite Loop | Andreas Lehmkühler | ?-1.10 |
| PDFBOX-2200 | Apache PDFBox - Slowly building memory leak because of static caching of fonts | Matthew Buckett | ?-1.6 |
| TIKA-1471 | Apache PDFBox - OOM with corrupt PDF | Alan Burlison | ?-1.6 |
| TIKA-788 | Infinite Loop in DWG | Stas Shaposhnikov | ?-1.4? |
| TIKA-1132 | Apache POI - Nearly Infinite Loop in XLS | Ryan Krueger | ?-1.4 |
| TIKA-1179 | Infinite Loop in corrupt MP3 | Marius Dumitru Florea | ?-1.4 |
| TIKA-866 | OOM reading Tika config file | Stephan Mühlstrasser | ?-1.1 |

Third party vulnerabilities that may or may not be triggerable via regular use of Apache Tika.
CVE or Vulnerability Description Reporter Affected Versions
GHSA
GHSA-qp53-7wh8-26w7: Multiple cross-site scripting (XSS) vulnerabilities in data_point_details
ghsa_unreviewed·2022-05-14
CVE-2015-1179 [MEDIUM] CWE-79 GHSA-qp53-7wh8-26w7: Multiple cross-site scripting (XSS) vulnerabilities in data_point_details
Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/130062/Mango-Automation-SCADA-HMI-2.4.0-Cross-Site-Scripting.html
- http://www.securityfocus.com/archive/1/534530/100/0/threaded
Published: 2015-01-26