CVE-2023-28651
Published 2023-06-01
Priority P3 · 35 · medium · 4.8 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
EPSS: 64.80% (99.1th percentile)
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contec | conprosys_hmi_system | < 3.5.3 | 3.5.3 |
| contec_co_ltd | conprosys_hmi_system | — | — |
CVSS provenance
nvd · v3.1 · 4.8 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
osv · 7.5 HIGH
OSV
squid3 vulnerabilities
osv·2024-06-27·CVSS 7.5
CVE-2021-28651 squid3 vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2021-28651)
It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2022-41318)
Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2023-49285)
Joshua Rogers discovered t
GHSA
GHSA-8xq3-xxw7-pvf5: Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3
ghsa_unreviewed·2023-06-01
CVE-2023-28651 [MEDIUM] CWE-79 GHSA-8xq3-xxw7-pvf5: Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://jvn.jp/en/vu/JVNVU93372935/
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf
https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf