GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-03-23T19:46:23

Updated: 2024-08-03T20:48:17.146Z

Reserved: 2021-02-19T00:00:00

Link: CVE-2021-27418

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-23T20:15:08.247

Modified: 2024-11-21T05:57:56.947

Link: CVE-2021-27418

cve-icon Redhat

No data.