Vulnerability: Carel pCOWeb <B1.2.4 - Cross-Site Scripting

Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html “System contact” field.

Impact

Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.

Severity

medium

Verified

Unknown