CVE-2019-14928

MEDIUM

Mitsubishielectric Smartrtu Firmware < 2.02 - XSS

Title source: rule

Description

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.

References (2)

Core 2

Core References

Third Party Advisory

https://www.mogozobo.com/

Exploit, Third Party Advisory

https://www.mogozobo.com/?p=3593

Scores

CVSS v3 5.4

EPSS 0.0207

EPSS Percentile 84.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

inea/me-rtu_firmware < 3.0

mitsubishielectric/smartrtu_firmware < 2.02

Published Oct 28, 2019

Tracked Since Feb 18, 2026