Stored Cross-Site Scripting (XSS) Vulnerability in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition Module 1.05
CVE-2018-18882 · LOW Severity
AV:N/AC:M/AU:S/C:N/I:P/A:N
A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface.
Learn more about our Web App Pen Testing.