Description
Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70847
Various Sources
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-275-01.json
Vendor Advisory x_refsource_confirm
http://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1404-lantime-web-interface-cross-site-scripting-vulnerability.htm
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-14-275-01
Various Sources
http://news.meinberg.de/259
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-275-01
Scores
EPSS
0.0263
EPSS Percentile
85.8%
Details
CWE
CWE-79
Status
published
Products (10)
meinberg/lantime_m100
< 6.15.0.19
meinberg/lantime_m200
< 6.15.0.19
meinberg/lantime_m300
< 6.15.0.19
meinberg/lantime_m3000
< 6.15.0.19
meinberg/lantime_m400
< 6.15.0.19
meinberg/lantime_m600
< 6.15.0.19
meinberg/lantime_m900
< 6.15.0.19
meinberg/ntp_server_firmware
Meinberg Radio Clocks/LANTIME M-Series
< 6.15.019
Meinberg Radio Clocks/LANTIME M-Series
6.15.020
Published
Nov 05, 2014
Tracked Since
Feb 18, 2026