The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HBosch Rexroth Indramotion Mlc L20
HWBoschwszystkie wersjeBosch Rexroth Indramotion Mlc L20 Firmware
OSBoschwszystkie wersjeBosch Rexroth Indramotion Mlc L40
HWBoschwszystkie wersjeBosch Rexroth Indramotion Mlc L40 Firmware
OSBoschwszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
Related vulnerabilities
CVE-2021-23857CRITICAL10.0ten sam produkt
Login with hash: The login routine allows the client to log in to the system not by using the password, but by...
CVE-2021-23858HIGH8.6ten sam produkt
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an u...
CVE-2022-36301CRITICAL9.8ten sam vendor
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker t...
CVE-2021-23859CRITICAL9.1ten sam vendor
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...
CVE-2021-23847CRITICAL9.8ten sam vendor
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to...