漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Yokogawa FAST/TOOLS 安全漏洞
Vulnerability Description
Yokogawa FAST/TOOLS是日本横河电机(Yokogawa)公司的一个实时操作管理和可视化软件。 Yokogawa FAST/TOOLS、CI Server存在安全漏洞,该漏洞源于WEB HMI服务器处理HTTP请求的功能存在反射型跨站脚本(XSS)漏洞,从而允许执行恶意脚本。受影响的产品和版本如下:FAST/TOOLS(RVSVRN、UNSVRN、HMIWEB、FTEES、HMIMOB)R9.01至R10.04版本、 CI Server R1.01.00至R1.03.00版本。
CVSS Information
N/A
Vulnerability Type
N/A