Medium severity6.1NVD Advisory· Published Oct 5, 2017· Updated May 13, 2026

CVE-2017-13994

Description

A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.

Affected products

Loytec/Lvis 3me Firmware
cpe:2.3:o:loytec:lvis-3me_firmware:*:*:*:*:*:*:*:*
Range: <=6.1.1
N/A/Loytec Lvis 3mev5
Range: LOYTEC LVIS-3ME

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/100847nvdThird Party AdvisoryVDB Entry
ics-cert.us-cert.gov/advisories/ICSA-17-257-01nvdThird Party AdvisoryUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000