Description
Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44749/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68838
Scores
EPSS
0.0243
EPSS Percentile
85.3%
Details
CWE
CWE-79
Status
published
Products (2)
honeywell/falcon_xlweb_linux_controller
< 2.04.01
honeywell/falcon_xlweb_xlwebexe
< 2.02.11
Published
Jul 24, 2014
Tracked Since
Feb 18, 2026