CVE-2023-31177

Summary

An Improper Neutralization of Input During Web Page Generation  ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system.

See product Instruction Manual Appendix A dated 20230830 for more details.

Affected Software

VendorProductVersion RangeStatus
Schweitzer Engineering LaboratoriesSEL-451R315-V0 < R315-V4affected
Schweitzer Engineering LaboratoriesSEL-451R316-V0 < R316-V4affected
Schweitzer Engineering LaboratoriesSEL-451R317-V0 < R317-V4affected
Schweitzer Engineering LaboratoriesSEL-451R318-V0 < R318-V5affected
Schweitzer Engineering LaboratoriesSEL-451R320-V0 < R320-V3affected
Schweitzer Engineering LaboratoriesSEL-451R321-V0 < R321-V3affected
Schweitzer Engineering LaboratoriesSEL-451R322-V0 < R322-V3affected
Schweitzer Engineering LaboratoriesSEL-451R323-V0 < R323-V5affected
Schweitzer Engineering LaboratoriesSEL-451R324-V0 < R324-V4affected
Schweitzer Engineering LaboratoriesSEL-451R325-V0 < R325-V3affected
Schweitzer Engineering LaboratoriesSEL-451R326-V0 < R326-V1affected
Schweitzer Engineering LaboratoriesSEL-451R327-V0 < R327-V1affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References