Description
A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Bosch Rexroth AG / ctrlX OS - Solutions1.12.0 – 1.12.1
- Bosch Rexroth AG / ctrlX OS - Solutions1.20.0 – 1.20.1
- Bosch Rexroth AG / ctrlX OS - Solutions2.6.0 – 2.6.0