CVE-2023-38121: Cross-site Scripting in Ignition

Severity
9.0 CRITICAL (NVD)
EPSS
1.7%
top 17.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 3

Description

Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the id parameter provided to the Inductive Automation Ignition web interface. The

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Exploitability: 2.3 | Impact: 6.0

Affected Packages: 2 packages

Vulnerability Details

2
GHSA
GHSA-f526-9q5m-qh6g: Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability (2024-05-03)
CVEList
Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability (2024-05-03)