Impact
The vulnerability allows an attacker to store malicious scripts in the web interface of Eksagate’s SYSGUARD 6001; the stored scripts are later executed in the browser of any user who views the affected page. As a result, an attacker could steal session cookies, deface content, or perform further attacks on users by exploiting their authenticated sessions. The weakness is a classic input validation flaw (CWE‑79).
Affected Systems
Eksagate Electronic Engineering and Computer Industry Trade Inc. offers the SYSGUARD 6001 product. All installations running versions from 2.0.2 up to, but not including, 6.1.4.0 are affected. The product is currently not supported by the vendor, meaning no official fixes are expected.
Risk and Exploitability
The CVSS score of 6.1 indicates a moderate severity that could lead to confidentiality or integrity breaches through cross‑site scripting. Because EPSS data is unavailable, the likelihood of exploitation is uncertain, and the vulnerability is not listed in CISA KEV. An attacker would need to upload a malicious script through the web interface and wait until another user loads the page. With the product unsupported, the only way to reduce risk is through temporary mitigations rather than a vendor patch.