- Description
- Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:softing:fg-x00_profibus_firmware:2.02.0.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8BBCD8A-76A3-4876-9C75-54ED82292B0D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:softing:fg-100_profibus:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "50C723A1-459C-461B-8C42-25D850CE2311"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]