{"api_version":"1","generated_at":"2026-05-15T06:40:43+00:00","cve":"CVE-2014-3110","urls":{"html":"https://cve.report/CVE-2014-3110","api":"https://cve.report/api/cve/CVE-2014-3110.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-3110","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-3110"},"summary":{"title":"CVE-2014-3110","description":"Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.","state":"PUBLISHED","assigner":"mitre","published_at":"2014-07-24 14:55:07","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/68838","name":"http://www.securityfocus.com/bid/68838","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Honeywell FALCON XLWeb Controllers Multiple Unspecified Cross Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01","name":"http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Honeywell FALCON XLWeb Controllers Vulnerabilities | ICS-CERT","mime":"application/octet-stream","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/44749/","name":"https://www.exploit-db.com/exploits/44749/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Honeywell XL Web Controller - Cross-Site Scripting - Linux webapps Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-3110","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3110","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"3110","vulnerable":"1","versionEndIncluding":"2.04.01","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"honeywell","cpe5":"falcon_xlweb_linux_controller","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3110","vulnerable":"1","versionEndIncluding":"2.02.11","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"honeywell","cpe5":"falcon_xlweb_xlwebexe","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T10:35:56.473Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01"},{"name":"44749","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/44749/"},{"name":"68838","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/68838"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-07-22T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-05-26T09:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01"},{"name":"44749","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/44749/"},{"name":"68838","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/68838"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-3110","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01","refsource":"MISC","url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01"},{"name":"44749","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/44749/"},{"name":"68838","refsource":"BID","url":"http://www.securityfocus.com/bid/68838"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2014-3110","datePublished":"2014-07-24T14:00:00.000Z","dateReserved":"2014-04-29T00:00:00.000Z","dateUpdated":"2024-08-06T10:35:56.473Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-07-24 14:55:07","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:honeywell:falcon_xlweb_linux_controller:*:*:*:*:*:*:*:*","versionEndIncluding":"2.04.01","matchCriteriaId":"DCD8DDD2-BB5C-4EB4-9475-67F5B6341DBD"},{"vulnerable":true,"criteria":"cpe:2.3:h:honeywell:falcon_xlweb_xlwebexe:*:*:*:*:*:*:*:*","versionEndIncluding":"2.02.11","matchCriteriaId":"33EAB24D-D7D1-46B5-9740-3A33425AE027"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"3110","Ordinal":"1","Title":"CVE-2014-3110","CVE":"CVE-2014-3110","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"3110","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.","Type":"Description","Title":"CVE-2014-3110"},{"CveYear":"2014","CveId":"3110","Ordinal":"2","NoteData":"2014-07-24","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"3110","Ordinal":"3","NoteData":"2018-05-26","Type":"Other","Title":"Modified"}]}}}