CVE-2019-11370

MEDIUM EXPLOITED NUCLEI

Carel pCOWeb <B1.2.4 - XSS

Title source: llm

Description

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.

Exploits (1)

exploitdb WORKING POC
by Luca.Chiou · textwebappshardware
https://www.exploit-db.com/exploits/46897

Nuclei Templates (1)

Carel pCOWeb <B1.2.4 - Cross-Site Scripting
MEDIUMVERIFIEDby arafatansari
Shodan: http.html:"pCOWeb" || http.html:"pcoweb"
FOFA: body="pcoweb"

References (2)

Scores

CVSS v3 5.4
EPSS 0.0762
EPSS Percentile 91.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-01-22
CWE
CWE-79
Status published
Products (1)
carel/pcoweb_card_firmware < b1.2.4
Published Jun 03, 2019
Tracked Since Feb 18, 2026