CVE-2019-16344

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.1270%

EPSS Percentile21.51th

PublishedOct 14, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter.

Affected Platforms (CPE)

📦

Scadabr

= 1.0ce

References & Advisories

🔗 https://fabiantronc.wordpress.com/2019/10/11/xss-on-scadabr-1-0ce/

Related Vulnerabilities

CVE-2021-268288.8

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbit...

CVE-2019-163216.1

ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH...

CVE-2021-268295.4

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...