Vulnerability Details CVE-2018-18882
A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.6%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2018-18882
-
cpe:2.3:h:controlbyweb:x-320m-i:-
-
cpe:2.3:o:controlbyweb:x-320m-i_firmware:1.05