N/A

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment.

N/A

Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)

Siemens Comos 跨站脚本漏洞

Siemens Comos是德国西门子（Siemens）公司的一个工厂工程软件解决方案。用于过程工业。 Siemens COMOS Web 存在跨站脚本漏洞，该漏洞源于 COMOS 的 COMOS Web 组件接受任意代码作为任务的附件。 这可能允许攻击者注入在加载附件时执行的恶意代码。

N/A

N/A