N/A

A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

LOYTEC LVIS-3ME 跨站脚本漏洞

LOYTEC LVIS-3ME是德国LOYTEC公司的一款HMI触摸面板。 LOYTEC LVIS-3ME 6.2.0之前的版本中存在跨站脚本漏洞，该漏洞源于程序没有充分的验证Web请求。远程攻击者可借助恶意的链接利用该漏洞在用户浏览器中执行脚本代码。

N/A

N/A