Cross-Site Scripting (XSS) Vulnerability in GE UR Firmware Web Interface

Cross-Site Scripting (XSS) Vulnerability in GE UR Firmware Web Interface

CVE-2021-27418 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.

Learn more about our Web App Pen Testing.