Vulnerability Details CVE-2021-27418
GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.5%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 4.3
References
Products affected by CVE-2021-27418
-
cpe:2.3:h:ge:multilin_b30:-
-
cpe:2.3:h:ge:multilin_b90:-
-
cpe:2.3:h:ge:multilin_c30:-
-
cpe:2.3:h:ge:multilin_c60:-
-
cpe:2.3:h:ge:multilin_c70:-
-
cpe:2.3:h:ge:multilin_c95:-
-
cpe:2.3:h:ge:multilin_d30:-
-
cpe:2.3:h:ge:multilin_d60:-
-
cpe:2.3:h:ge:multilin_f35:-
-
cpe:2.3:h:ge:multilin_f60:-
-
cpe:2.3:h:ge:multilin_g30:-
-
cpe:2.3:h:ge:multilin_g60:-
-
cpe:2.3:h:ge:multilin_l30:-
-
cpe:2.3:h:ge:multilin_l60:-
-
cpe:2.3:h:ge:multilin_l90:-
-
cpe:2.3:h:ge:multilin_m60:-
-
cpe:2.3:h:ge:multilin_n60:-
-
cpe:2.3:h:ge:multilin_t35:-
-
cpe:2.3:h:ge:multilin_t60:-
-
cpe:2.3:o:ge:multilin_b30_firmware:-
-
cpe:2.3:o:ge:multilin_b90_firmware:-
-
cpe:2.3:o:ge:multilin_c30_firmware:-
-
cpe:2.3:o:ge:multilin_c60_firmware:-
-
cpe:2.3:o:ge:multilin_c70_firmware:-
-
cpe:2.3:o:ge:multilin_c95_firmware:-
-
cpe:2.3:o:ge:multilin_d30_firmware:-
-
cpe:2.3:o:ge:multilin_d60_firmware:-
-
cpe:2.3:o:ge:multilin_f35_firmware:-
-
cpe:2.3:o:ge:multilin_f60_firmware:-
-
cpe:2.3:o:ge:multilin_g30_firmware:-
-
cpe:2.3:o:ge:multilin_g60_firmware:-
-
cpe:2.3:o:ge:multilin_l30_firmware:-
-
cpe:2.3:o:ge:multilin_l60_firmware:-
-
cpe:2.3:o:ge:multilin_l90_firmware:-
-
cpe:2.3:o:ge:multilin_m60_firmware:-
-
cpe:2.3:o:ge:multilin_n60_firmware:-
-
cpe:2.3:o:ge:multilin_t35_firmware:-
-
cpe:2.3:o:ge:multilin_t60_firmware:-