CVE-2024-13950

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.9MEDIUM
EPSS
0.2%
top 56.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ABB Aspect-enterpriseABB Matrix SeriesABB Nexus Series
Timeline
PublishedMay 22

Description

Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

Affected Packages3 packages

CVEListV5abb/nexus_series3.*
CVEListV5abb/matrix_series3.*
CVEListV5abb/aspect-enterprise3.*

🔴Vulnerability Details

2
CVEList
Log Injection2025-05-22
GHSA
GHSA-wc69-3q88-j8fp: Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised2025-05-22
CVE-2024-13950 (MEDIUM CVSS 6.9) | Log injection vulnerabilities in AS | cvebase.io