CVE-2012-1990
Schneider Electric Kerweb < 3.0.1 and Kerwin < 6.0.1 - Cross-Site Scripting via evtvariablename Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-1990. PoCs published by phocean.
AI-analyzed exploit summary This is a writeup describing an HTML-injection vulnerability in Schneider Electric Telecontrol products. It details the affected versions and provides a URL example demonstrating the XSS vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.
Exploits (1)
This is a writeup describing an HTML-injection vulnerability in Schneider Electric Telecontrol products. It details the affected versions and provides a URL example demonstrating the XSS vulnerability.