CVE-2015-6466
Moxa EDS-405A and EDS-408A Firmware < 3.4 - Cross-Site Scripting via Diagnosis Ping Feature
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-246-03
Patch x_refsource_confirm
http://www.moxa.com/support/download.aspx?type=support&id=328
Scores
EPSS
0.0107
EPSS Percentile
78.0%
Details
CWE
CWE-79
Status
published
Products (2)
moxa/eds-405a_firmware
< 3.4
moxa/eds-408a_firmware
< 3.4
Published
Sep 11, 2015
Tracked Since
Feb 18, 2026