Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 13 Sep 2024 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Br-automation
Br-automation industrial Automation Aprol
CPEs cpe:2.3:a:br-automation:industrial_automation_aprol:*:*:*:*:*:*:*:*
Vendors & Products Br-automation
Br-automation industrial Automation Aprol
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Thu, 29 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 29 Aug 2024 09:00:00 +0000

Type Values Removed Values Added
Description Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session
Title Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ABB

Published:

Updated: 2024-08-29T13:40:31.563Z

Reserved: 2024-06-04T08:28:17.633Z

Link: CVE-2024-5624

cve-icon Vulnrichment

Updated: 2024-08-29T13:40:27.474Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-29T11:15:27.673

Modified: 2024-09-13T20:23:28.787

Link: CVE-2024-5624

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.