Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Advantech ADAM-5550 Cross-site Scripting
Vulnerability Description
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Advantech ADAM-5550 跨站脚本漏洞
Vulnerability Description
Advantech ADAM-5550是中国研华(Advantech)公司的一款高性能可编程自动化控制器。 Advantech ADAM-5550存在跨站脚本漏洞,该漏洞源于 Web 应用程序包含一个logs页面,其中向用户显示收到的所有 HTTP 请求。设备在解析 HTTP 请求以生成页面输出时无法正确消除恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A