CVE-2017-5157

MEDIUM

Schneider Electric homeLYnk Controller <V1.5.0 - XSS

Title source: llm

Description

An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95665

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01

Scores

CVSS v3 6.1

EPSS 0.0021

EPSS Percentile 42.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

schneider_electric/homelynk_controller_lss100100_firmware

n/a/Schneider Electric homeLYnk Controller prior to V1.5.0 < Schneider Electric homeLYnk Controller prior to V1.5.0

Timeline

Published Feb 13, 2017

Tracked Since Feb 18, 2026