CVE-2023-28651
Summary
| CVE | CVE-2023-28651 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-01 02:15:00 UTC |
| Updated | 2023-06-08 13:55:00 UTC |
| Description | Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Contec | Conprosys Hmi System | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| JVNVU#93372935: Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS) | MISC | jvn.jp | |
| www.contec.com/api/downloadlogger | MISC | www.contec.com | |
| www.contec.com/jp/api/downloadlogger | MISC | www.contec.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.