CyberSec.Space Logo
Back to CVE Browser

CVE-2014-5382

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1590%
EPSS Percentile7.49th
PublishedAug 20, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors.

Affected Platforms (CPE)

πŸ’»
Schrack

Technik Microcontrol Firmware

= 1.7.0\(937\)
πŸ”Œ
Schrack

Technik Microcontrol

All versions

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2014/Jul/40
πŸ”— https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt
πŸ”— http://seclists.org/fulldisclosure/2014/Jul/40
πŸ”— https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt

Related Vulnerabilities

CVE-2014-832910.0

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient ac...

CVE-2014-53967.5

The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" ...

CVE-2014-065910.0

The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2...

CVE-2014-120110.0

Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2...