CVE-2024-41725
published 2024-09-25
CVE-2024-41725: ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.
Priority: P4 · 24 · medium · 6.1 (CVSS 3.1)
AV:N AC:L PR:N UI:R S:C C:L I:L A:N
EPSS: 0.35% (27.1th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dover_fueling_solutions | progauge_maglink_lx4_console | <= 4.17.9e | — |
| dover_fueling_solutions | progauge_maglink_lx_console | <= 3.4.2.2.6 | — |
| doverfuelingsolutions | progauge_maglink_lx4_console_firmware | <= 4.17.9e | — |
| doverfuelingsolutions | progauge_maglink_lx_console_firmware | <= 3.4.2.2.6 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-697p-23gh-47wj: ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input
fields that are used to render pages which may allow cross site
scripting
ghsa_unreviewed·2024-09-25
CVE-2024-41725 [HIGH] CWE-79
CISA ICS
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
cisa_ics·2024-09-24·CVSS 10.0
[CRITICAL] Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
ICS Advisory
## Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
Release Date: September 24, 2024
Alert Code: ICSA-24-268-04
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Dover Fueling Solutions (DFS)
- Equipment: ProGauge MAGLINK LX CONSOLE
- Vulnerabilities: Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting, Authentication Bypass Using an Alternate Path or Channel
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote attacker to gain full control of the system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Th
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-25
Published