CVE-2015-6494

Infinite Automation Systems Mango Automation - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/38338

View on exploitdb

References (1)

[Patch, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02

Scores

EPSS 0.0096

EPSS Percentile 76.2%

Classification

CWE

CWE-79

Status draft

Affected Products (3)

infinite_automation_systems/mango_automation

Timeline

Published Oct 28, 2015

Tracked Since Feb 18, 2026