Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-6516

CWE-79Cross-site Scripting (XSS)6 documents4 sources
Severity
9.3CRITICAL
EPSS
0.9%
top 24.36%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
22
ABB Aspect-ent-12 FirmwareABB Aspect-ent-256 FirmwareABB Aspect-ent-2 Firmware+19 more
Timeline
PublishedDec 5
Latest updateApr 15

Description

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N

Affected Packages22 packages

CVEListV5abb/nexus_series3.08.01
CVEListV5abb/matrix_series3.08.01
CVEListV5abb/aspect-enterprise3.08.01
NVDabb/matrix-11_firmware< 3.08.03
NVDabb/nexus-264_firmware< 3.08.03

🔴Vulnerability Details

2
CVEList
Cross Site Scripting XSS2024-12-05
GHSA
GHSA-26m5-cv5f-4mwg: Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser2024-12-05

💥Exploits & PoCs

3
Exploit-DB
ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting2025-04-15
Exploit-DB
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution2025-04-15
Exploit-DB
ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting2025-04-15
CVE-2024-6516 (CRITICAL CVSS 9.3) | Cross Site Scripting vulnerabilitie | cvebase.io