CVE-2019-6565

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 36.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Eds-405a Firmware Moxa Eds-408a Firmware Moxa Eds-510a Firmware +1 more

Timeline

PublishedMar 5

Latest updateMay 13

Description

Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDmoxa/eds-405a_firmware3.8

▶NVDmoxa/eds-408a_firmware3.8

▶NVDmoxa/eds-510a_firmware3.8

▶NVDmoxa/iks-g6824a_firmware4.5

🔴Vulnerability Details

GHSA

GHSA-6hwj-585x-wxvq: Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which m↗2022-05-13

▶

CVEList

CVE-2019-6565: Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which m↗2019-03-05

▶