CVE-2017-13754
CVE-2017-13754
Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/42610/unverifiedexploitdbwww.exploit-db.com/exploits/42610unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://seclists.org/fulldisclosure/2017/Sep/1https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133https://www.exploit-db.com/exploits/42610/https://www.vulnerability-lab.com/get_content.php?id=2074http://www.securityfocus.com/archive/1/541119/100/0/threadedhttp://www.securityfocus.com/bid/104433