CVE-2014-3110
Honeywell FALCON XLWeb Linux Controller < 2.04.01 and XLWebExe < 2.02.11 - Cross-Site Scripting
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-3110. PoCs published by t4rkd3vilz.
AI-analyzed exploit summary This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Honeywell XL Web Controller by injecting malicious JavaScript via the LocaleID parameter in a POST request. The payload triggers an XSS alert, confirming the vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.
Exploits (1)
This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Honeywell XL Web Controller by injecting malicious JavaScript via the LocaleID parameter in a POST request. The payload triggers an XSS alert, confirming the vulnerability.