CVE-2019-6835

MEDIUM

U.motion Server Firmware < 1.3.7 - Cross-Site Scripting

Title source: llm

Description

A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01

Scores

CVSS v3 5.4

EPSS 0.0029

EPSS Percentile 52.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (4)

schneider-electric/meg6260-0410_firmware < 1.3.7

schneider-electric/meg6260-0415_firmware < 1.3.7

schneider-electric/meg6501-0001_firmware < 1.3.7

schneider-electric/meg6501-0002_firmware < 1.3.7

Published Sep 17, 2019

Tracked Since Feb 18, 2026