CVE-2018-18991: XSS
First published: Tue Dec 04 2018(Updated: )
Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Spidercontrol Scada Webserver | <2.03.0001 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-18991?
CVE-2018-18991 is a vulnerability that allows an attacker to send a crafted URL containing JavaScript, which can be reflected off the web application to the victim's browser.
Which software versions are affected by CVE-2018-18991?
Versions of SCADA WebServer prior to 2.03.0001 are affected by CVE-2018-18991.
What is the severity of CVE-2018-18991?
CVE-2018-18991 has a severity rating of medium (6.1).
How can an attacker exploit CVE-2018-18991?
An attacker can exploit CVE-2018-18991 by sending a crafted URL containing JavaScript to the web application, which would then be reflected off to the victim's browser.
Are there any references for CVE-2018-18991?
Yes, you can find more information about CVE-2018-18991 at the following references: [1](http://www.securityfocus.com/bid/106105), [2](https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/spidercontrol
- canonical/spidercontrol scada webserver