CVE-2017-14850
Description
Stored XSS in Orpak SiteOmat web console prior to 6.4.414.084 allows attackers to hijack sessions or redirect victims to malicious sites.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Orpak SiteOmat web management console contains a stored cross-site scripting (XSS) vulnerability. The application fails to properly neutralize user-controllable input, allowing injection of arbitrary scripts. Affected versions: SiteOmat prior to 6.4.414.084 [1].
Exploitation
An attacker with network access to the web interface can inject malicious scripts into stored fields. When other users view the affected pages, the script executes in their browser. User interaction (e.g., viewing a page) is required for execution [1].
Impact
Successful exploitation allows an attacker to hijack active user sessions, perform actions on behalf of the victim, or redirect victims to malicious external servers. The CVSS v3 base score is 6.1 (medium) with impacts to confidentiality and integrity (low) and scope change [1].
Mitigation
Orpak (now part of Gilbarco Veeder-Root) released a fix in version 6.4.414.084. Users should upgrade to that version or later. No workarounds are mentioned in the advisory [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Orpak/Orpak SiteOmat web management console
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- www.securityfocus.com/bid/108167 (nvd: Third Party Advisory, VDB Entry)
- ics-cert.us-cert.gov/advisories/ICSA-19-122-01 (nvd: Third Party Advisory, US Government Resource)
- www.orpak.com (nvd: Vendor Advisory)
News mentions
No linked articles in our index yet.