Vulnerability Details CVE-2018-19694
HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/151119/HMS-Netbiter-WS100-3.30.5-Cross-Site-Scripting.html
- https://seclists.org/bugtraq/2019/Jan/9
- https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2018-12-04-001-ec150-ec250-lc310-lc350-ws100-ws200-cve-2018-19694.pdf
- https://www.netbiter.com/products
- http://packetstormsecurity.com/files/151119/HMS-Netbiter-WS100-3.30.5-Cross-Site-Scripting.html
- https://seclists.org/bugtraq/2019/Jan/9
- https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2018-12-04-001-ec150-ec250-lc310-lc350-ws100-ws200-cve-2018-19694.pdf
- https://www.netbiter.com/products
Products affected by CVE-2018-19694
-
cpe:2.3:h:hms-networks:netbiter_ec150:-
-
cpe:2.3:h:hms-networks:netbiter_ec250:-
-
cpe:2.3:h:hms-networks:netbiter_lc310:-
-
cpe:2.3:h:hms-networks:netbiter_lc310_thingworx:-
-
cpe:2.3:h:hms-networks:netbiter_lc350:-
-
cpe:2.3:h:hms-networks:netbiter_lc350_thingworx:-
-
cpe:2.3:h:hms-networks:netbiter_ws100:-
-
cpe:2.3:h:hms-networks:netbiter_ws200:-
-
cpe:2.3:o:hms-networks:netbiter_ec150_firmware:1.40.0
-
cpe:2.3:o:hms-networks:netbiter_ec250_firmware:1.40.0
-
cpe:2.3:o:hms-networks:netbiter_lc310_firmware:2.01.03
-
cpe:2.3:o:hms-networks:netbiter_lc310_firmware:3.30.5
-
cpe:2.3:o:hms-networks:netbiter_lc310_thingworx_firmware:2.00.07
-
cpe:2.3:o:hms-networks:netbiter_lc350_firmware:2.00.07
-
cpe:2.3:o:hms-networks:netbiter_lc350_thingworx_firmware:2.00.07
-
cpe:2.3:o:hms-networks:netbiter_ws100_firmware:3.30.5
-
cpe:2.3:o:hms-networks:netbiter_ws200_firmware:3.30.4