CVE-2018-7795

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 45.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Powerlogic Pm5560 Firmware Schneider Electric SE Powerlogic - Pm5560 Prior TO FW Version 2.5.4

Timeline

PublishedAug 29

Latest updateMay 14

Description

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5schneider_electric_se/powerlogic_-_pm5560_prior_to_fw_version_2.5.4PowerLogic - PM5560 prior to FW version 2.5.4

▶NVDschneider-electric/powerlogic_pm5560_firmware< 2.5.4

🔴Vulnerability Details

GHSA

GHSA-9cvx-7r58-v2x4: A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2↗2022-05-14

▶

CVEList

CVE-2018-7795: A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2↗2018-08-29

▶