Overview
- Description
- A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:loytec:lvis-3me_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1420D89A-7473-467E-92D5-5B338A3F124A",
"versionEndIncluding": "6.1.1"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:loytec:lvis-3me:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EB324A4A-8D41-41AE-A7E0-92A8A8ABD0E6"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]