← back
CVE-2023-28651

CVE-2023-28651

CVSS 4.8 MEDIUMEPSS 64.8%CWE-79
Vexday Risk Score
25Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.8EPSS 64.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Jun 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected products
Contec Co., Ltd. · CONPROSYS HMI System (CHS)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/vu/JVNVU93372935/https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdfhttps://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf