CVE-2016-5811

MEDIUM

Visionic PowerLink2 <October 2016 - XSS

Title source: llm

Description

An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIPTING).

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94894

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01

Scores

CVSS v3 6.1

EPSS 0.0018

EPSS Percentile 39.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

visonic/powerlink2_firmware

n/a/Visonic PowerLink2 < Visonic PowerLink2

Timeline

Published Feb 13, 2017

Tracked Since Feb 18, 2026