CVE-2015-6494

Infinite Automation Systems Mango Automation - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/38338

View Code ZIP pw:eip

References (1)

[Patch, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02

Scores

EPSS 0.0130

EPSS Percentile 79.8%

Details

CWE

CWE-79

Status published

Products (3)

infinite_automation_systems/mango_automation 2.5.0

infinite_automation_systems/mango_automation 2.5.5

infinite_automation_systems/mango_automation 2.6.0

Published Oct 28, 2015

Tracked Since Feb 18, 2026