Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS.

This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0. 

NOTE: The vendor was contacted and it was learned that the product is not supported.
Published: 2026-06-30
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to store malicious scripts in the web interface of Eksagate’s SYSGUARD 6001, which are later executed in the browser of any user who views the affected page. As a result, an attacker could steal session cookies, deface content, or perform further attacks on users by exploiting their authenticated sessions. The weakness is a classic input validation flaw (CWE‑79).

Affected Systems

Eksagate Electronic Engineering and Computer Industry Trade Inc. offers the SYSGUARD 6001 product. All installations running versions from 2.0.2 up to, but not including, 6.1.4.0 are affected. The product is currently not supported by the vendor, meaning no official fixes are expected.

Risk and Exploitability

The CVSS score of 6.1 indicates a moderate severity that could lead to confidentiality or integrity breaches through cross‑site scripting. Because EPSS data is unavailable, the likelihood of exploitation is uncertain, and the vulnerability is not listed in CISA KEV. An attacker would need to upload a malicious script through the web interface and wait until another user loads the page. With the product unsupported, the only way to reduce risk is through temporary mitigations rather than a vendor patch.

Generated by OpenCVE AI on June 30, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Identify all installations of SYSGUARD 6001 versions below 6.1.4.0 and document the affected hosts
  • Disable or restrict the web interface of those installations to prevent untrusted input from reaching the application
  • Apply additional input‑validation or a web application firewall rule that blocks script tags to mitigate XSS until the product can be replaced or upgraded

Generated by OpenCVE AI on June 30, 2026 at 13:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Description Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0.  NOTE: The vendor was contacted and it was learned that the product is not supported.
Title Stored XSS in Exagate's SYSGUARD 6001
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-06-30T15:58:30.568Z

Reserved: 2026-05-12T14:51:00.311Z

Link: CVE-2026-8403

cve-icon Vulnrichment

Updated: 2026-06-30T14:20:18.063Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T13:30:13Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')