Detections
Analytics
Ecava IntegraXor < 3.60.4080 Cross-Site Scripting
low Nessus Network Monitor Plugin ID 8401
Synopsis
A vulnerable version of Ecava IntegraXor has been detected.Description
Ecava IntegraXor versions prior to 3.60.4080 contain multiple reflective cross-site scripting vulnerabilities. An attacker could inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.Solution
Upgrade to IntegraXor version 3.60.4080 or later.See Also
http://www.nessus.org/u?063b0edb
http://www.integraxor.com/blog/security-issue-xss-vulnerability-note
http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf
Plugin Details
Severity: Low
ID: 8401
Family: SCADA
Published: 9/23/2014
Updated: 3/6/2019
Nessus ID: 55025
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS v3
Risk Factor: Low
Base Score: 3.7
Temporal Score: 3.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ecava:integraxor
Patch Publication Date: 5/9/2011
Vulnerability Publication Date: 5/27/2011
Reference Information
CVE: CVE-2011-2958
BID: 48958