Lucene search

SELCVELIST:CVE-2023-2266

HistoryNov 30, 2023 - 4:57 p.m.

CVE-2023-2266 Improper neutralization of input during web page generation could lead to cross-site scripting based attacks

2023-11-3016:57:34

CWE-79

SEL

www.cve.org

cve-2023-2266

cross-site scripting

sel-411l

input neutralization

web page generation

security vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.0%

JSON

An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.

See product Instruction Manual Appendix A dated 20230830 for more details.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SEL-411L",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "R118-V4",
        "status": "affected",
        "version": "R118-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R119-V5",
        "status": "affected",
        "version": "R119-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R120-V6",
        "status": "affected",
        "version": "R120-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R121-V3",
        "status": "affected",
        "version": "R121-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R122-V3",
        "status": "affected",
        "version": "R122-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R123-V3",
        "status": "affected",
        "version": "R123-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R124-V3",
        "status": "affected",
        "version": "R124-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R125-V3",
        "status": "affected",
        "version": "R125-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R126-V4",
        "status": "affected",
        "version": "R126-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R127-V2",
        "status": "affected",
        "version": "R127-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R128-V1",
        "status": "affected",
        "version": "R128-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R129-V1",
        "status": "affected",
        "version": "R129-V0",
        "versionType": "custom"
      }
    ]
  }
]

References

selinc.com/support/security-notifications/external-reports/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.0%

JSON

Related for CVELIST:CVE-2023-2266