Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb prior to 3.0.1 and Kerwin prior to 6.0.1 allow remote malicious users to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.
Vulnerable Product |
---|
schneider-electric kerwin |
schneider-electric kerweb |