CVE-2023-28651: XSS
First published: Thu Jun 01 2023(Updated: )
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Contec CONPROSYS HMI System (CHS) | <3.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-28651?
CVE-2023-28651 has been classified with a high severity due to its potential for cross-site scripting attacks.
How do I fix CVE-2023-28651?
To fix CVE-2023-28651, upgrade your CONPROSYS HMI System to version 3.5.3 or later.
Who is affected by CVE-2023-28651?
CVE-2023-28651 affects users of the CONPROSYS HMI System prior to version 3.5.3 who have administrative privileges.
What impact does CVE-2023-28651 have?
The impact of CVE-2023-28651 includes the potential execution of arbitrary scripts in the web browsers of other users.
Is there a workaround for CVE-2023-28651?
The primary mitigation for CVE-2023-28651 is to upgrade to the latest version, as no specific workaround is provided.
- collector/nvd-latest
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/contec
- canonical/contec conprosys hmi system (chs)