Description
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.
Exploits (1)
References (3)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/53409
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/49041
Various Sources (x_refsource_misc): http://www.phocean.net/2012/05/08/cve-2012-1990-kerwebkerwin-xss-vulnerabilities.html
Scores
EPSS: 0.0039
EPSS Percentile: 59.8%
Details
CWE: CWE-79
Status: published
Products (2)
schneider-electric/kerweb: < 3.0
schneider-electric/kerwin: < 6.0
Published: May 22, 2012
Tracked Since: Feb 18, 2026