CVE-2024-23906
Improper Neutralization of Input During Web Page Generation CWE-79 in

Publication date: 2024-09-11

Last updated on: 2024-09-11

Assigner: [email protected]

Description
Improper Neutralization of Input During Web Page Generation CWE-79 in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operators session. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a distributed in 9.10.1530 MR2, 9.00 prior to vCR9.00.240816a distributed in 9.00.2168 MR4, 8.90 prior to vCR8.90.240816a distributed in 8.90.2155 MR5, 8.80 prior to vCR8.80.240816b distributed in 8.80.1938 MR6, all versions of 8.70 and prior.
CVSS Scores
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE ID Description
UNKNOWN
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
Date published:
2024-09-11
Date last modified:
2024-09-11
Date generated:
2025-01-15
NVD report: