Cross-Site Scripting (XSS) Vulnerability in Climatix POL909 (AWB and AWM modules)

Cross-Site Scripting (XSS) Vulnerability in Climatix POL909 (AWB and AWM modules)

CVE-2021-41542 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.

Learn more about our Web App Pen Testing.