First published: Fri Oct 15 2021(Updated: )
Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric Smartrtu Firmware | ||
Mitsubishielectric Smartrtu | ||
All of | ||
Mitsubishielectric Smartrtu Firmware | ||
Mitsubishielectric Smartrtu |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-16061 is a vulnerability that allows XSS (Cross-Site Scripting) attacks in Mitsubishi Electric SmartRTU devices via the username parameter or PATH_INFO to login.php.
The severity of CVE-2018-16061 is medium with a CVSS score of 6.1.
An XSS attack can be performed by exploiting the username parameter or PATH_INFO to login.php in Mitsubishi Electric SmartRTU devices.
There is no specific information available about a fix for CVE-2018-16061. It is recommended to contact the vendor for further guidance.
More information about CVE-2018-16061 can be found at the following references: [Link 1](http://packetstormsecurity.com/files/164537/Mitsubishi-Electric-INEA-SmartRTU-Cross-Site-Scripting.html), [Link 2](https://drive.google.com/open?id=1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv).