Vulnerability Description
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Loytec | Lvis-3Me Firmware | <= 6.1.1 |
| Loytec | Lvis-3Me | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100847Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/100847Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-13994?
CVE-2017-13994 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticate...
How severe is CVE-2017-13994?
CVE-2017-13994 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-13994?
Check the references section above for vendor advisories and patch information. Affected products include: Loytec Lvis-3Me Firmware, Loytec Lvis-3Me.