CVE-2015-6494
Published 2015-10-28
CVE-2015-6494: Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to…
Priority P416 · low · 3.5 · CVSS 2.0
AV:N/AC:M/Au:S/C:N/I:P/A:N
EXPLOIT
EPSS: 1.75% (75.0th percentile)
Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| infinite_automation_systems | mango_automation | — | — |
| infinite_automation_systems | mango_automation | — | — |
| infinite_automation_systems | mango_automation | — | — |
| mongodb | mongodb | >= 0 < 1:2.4.9-1ubuntu2+esm2 | 1:2.4.9-1ubuntu2+esm2 |
| mongodb | mongodb | >= 0 < 1:2.6.10-0ubuntu1+esm2 | 1:2.6.10-0ubuntu1+esm2 |
| mongodb | mongodb | >= 0 < 1:3.6.3-0ubuntu1.4+esm1 | 1:3.6.3-0ubuntu1.4+esm1 |
CVSS provenance
nvd · v2.0 · 3.5 · LOW · AV:N/AC:M/Au:S/C:N/I:P/A:N
osv · 5.0 · MEDIUM
OSV
mongodb vulnerabilities
osv·2026-02-25·CVSS 5.0
CVE-2015-1609 mongodb vulnerabilities
Eliot Horowitz discovered that MongoDB may fail to validate some instances
of malformed BSON. A remote attacker could possibly use this issue to cause
MongoDB to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-1609)
It was discovered that MongoDB read raw permissions from .dbshell history
files. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-6494)
Travis Brown discovered that MongoDB may be unable to parse specially
crafted UTF-8 strings in BSON requests. A remote attacker could possibly
use this issue to cause MongoDB to crash, resulting in a denial of service.
This issue only affected Ubuntu 18.04 LTS. (CVE-201
GHSA
GHSA-8f9x-339q-v7c3: Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2
ghsa_unreviewed·2022-05-17
CVE-2015-6494 [LOW] CWE-79 GHSA-8f9x-339q-v7c3: Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2
Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CISA ICS
Infinite Automation Systems Mango Automation Vulnerabilities (Update A)
cisa_ics·2015-10-27
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
## Infinite Automation Systems Mango Automation Vulnerabilities (Update A)
Last Revised: August 27, 2018
Alert Code: ICSA-15-300-02A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-15-300-02 Infinite Automation Systems Mango Automation Vulnerabilities that was published October 27, 2015, on the NCCIC/ICS-CERT web site.
Steven Seeley of Source Incite and Gjoko Krstic of Zero Science Lab have independently identified vulnerabilities in the Infinite Automation Systems Mango Automation application.
## --------- Begin Update A Part 1 of 3 --------
In