Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operator's session. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Controller 6000和Controller 7000 安全漏洞
Vulnerability Description
Gallagher Controller 6000和Gallagher Controller 7000都是新西兰Gallagher公司的产品。Gallagher Controller 6000是一个 Gallagher 命令中心服务器和分布式现场硬件之间的接口。Gallagher Controller 7000是一款功能强大的网络连接控制器。 Controller 6000和Controller 7000存在安全漏洞,该漏洞源于网页生成过程中对输入的中和不当,这允许攻击者在经过身份验证的操作员会话期间修改
CVSS Information
N/A
Vulnerability Type
N/A