CVE-2019-13923

CRITICAL Year: 2019
CVSS v3 Score
9.6
Critical
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-80
View all →

Vulnerability Description

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.

Related Vulnerabilities

CVE-2020-13562

CRITICAL
CVSS:9.6(Critical)

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a craft...

CWE-802020

CVE-2020-13563

CRITICAL
CVSS:9.6(Critical)

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a craft...

CWE-802020

CVE-2020-13564

CRITICAL
CVSS:9.6(Critical)

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a craft...

CWE-802020

CVE-2024-39363

CRITICAL
CVSS:9.6(Critical)

A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure ...

CWE-802024

CVE-2023-39216

CRITICAL
CVSS:9.8(Critical)

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

CWE-802023

CVE-2022-21145

CRITICAL
CVSS:9.1(Critical)

A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code in...

CWE-802022