CVE-2023-31177
4.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system.
See product Instruction Manual Appendix A dated 20230830 for more details.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-451 | R315-V0 < R315-V4 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R316-V0 < R316-V4 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R317-V0 < R317-V4 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R318-V0 < R318-V5 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R320-V0 < R320-V3 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R321-V0 < R321-V3 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R322-V0 < R322-V3 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R323-V0 < R323-V5 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R324-V0 < R324-V4 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R325-V0 < R325-V3 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R326-V0 < R326-V1 | affected |
| Schweitzer Engineering Laboratories | SEL-451 | R327-V0 < R327-V1 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
- https://selinc.com/support/security-notifications/external-reports/
- https://www.nozominetworks.com/blog/
References
- https://selinc.com/support/security-notifications/external-reports/
- https://www.nozominetworks.com/blog/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.