Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Siemens OZW672和OZW772 跨站脚本漏洞
Vulnerability Description
Siemens OZW672和Siemens OZW77都是德国西门子(Siemens)公司的产品。Siemens OZW672是一款楼宇控制器。Siemens OZW77是一款网络服务器。 Siemens OZW672和OZW772存在跨站脚本漏洞,该漏洞源于受影响设备的用户帐户选项卡容易受到存储型跨站脚本 (XSS) 攻击。这可能允许经过身份验证的远程攻击者注入任意 JavaScript 代码,该代码随后由另一个经过身份验证的受害者用户执行,该用户可能比攻击者具有更高的权限。
CVSS Information
N/A
Vulnerability Type
N/A