CVE-2023-2266

AnImproper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411Lcould allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.



See product Instruction Manual Appendix A dated 20230830 for more details.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
SELCNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
selincsel-411l_firmware
r118-v0 ≤
𝑥
< r118-v4
selincsel-411l_firmware
r119-v0 ≤
𝑥
< r119-v5
selincsel-411l_firmware
r120-v0 ≤
𝑥
< r120-v6
selincsel-411l_firmware
r121-v0 ≤
𝑥
< r121-v3
selincsel-411l_firmware
r122-v0 ≤
𝑥
< r122-v3
selincsel-411l_firmware
r123-v0 ≤
𝑥
< r123-v3
selincsel-411l_firmware
r124-v0 ≤
𝑥
< r124-v3
selincsel-411l_firmware
r125-v0 ≤
𝑥
< r125-v3
selincsel-411l_firmware
r126-v0 ≤
𝑥
< r126-v4
selincsel-411l_firmware
r127-v0 ≤
𝑥
< r127-v2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://selinc.com/support/security-notifications/external-reports/
https://selinc.com/support/security-notifications/external-reports/