CVE-2016-1488

Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:siemens:ozw672:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ozw672_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:siemens:ozw772:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ozw772_firmware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-01-30 12:59

Updated : 2024-02-04 18:53


NVD link : CVE-2016-1488

Mitre link : CVE-2016-1488

CVE.ORG link : CVE-2016-1488


JSON object : View

Products Affected

siemens

  • ozw672_firmware
  • ozw672
  • ozw772
  • ozw772_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')