Unrated severityNVD Advisory· Published Mar 10, 2020· Updated Aug 5, 2024

CVE-2019-19294

Description

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content.

Affected products

Siemens Foundation/Control Center Server (CCS)llm-fuzzy2 versions
< V1.5.0+ 1 more
- (no CPE)range: < V1.5.0
- (no CPE)range: All versions < V1.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-761844.pdfmitrex_refsource_CONFIRM
cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000