Vulnerability Details CVE-2020-7481
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-7481
-
cpe:2.3:h:schneider-electric:andover_continuum_5720:-
-
cpe:2.3:h:schneider-electric:andover_continuum_5740:-
-
cpe:2.3:h:schneider-electric:andover_continuum_9200:-
-
cpe:2.3:h:schneider-electric:andover_continuum_9680:-
-
cpe:2.3:h:schneider-electric:andover_continuum_9702:-
-
cpe:2.3:h:schneider-electric:andover_continuum_9900:-
-
cpe:2.3:h:schneider-electric:andover_continuum_9924:-
-
cpe:2.3:h:schneider-electric:andover_continuum_9940:-
-
cpe:2.3:h:schneider-electric:andover_continuum_9941:-
-
cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-
-
cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-
-
cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:-
-
cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:-
-
cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:-
-
cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:-
-
cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:-
-
cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:-
-
cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:-
-
cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:-
-
cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:-
-
cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:-
-
cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:-