Vulnerability Description
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contec | Conprosys Hmi System | < 3.5.3 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU93372935/Third Party Advisory
- https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/seVendor Advisory
- https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/supportVendor Advisory
- https://jvn.jp/en/vu/JVNVU93372935/Third Party Advisory
- https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/seVendor Advisory
- https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/supportVendor Advisory
FAQ
What is CVE-2023-28651?
CVE-2023-28651 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially cra...
How severe is CVE-2023-28651?
CVE-2023-28651 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28651?
Check the references section above for vendor advisories and patch information. Affected products include: Contec Conprosys Hmi System.