Security Advisory

CVE-2023-28651

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-01 00:00:00

Last updated 2025-01-09 20:52:29

Assigner jpcert

State PUBLISHED

Description

Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.

← Browse all CVEs View on cve.org ↗