CVE-2024-41725

Summary

ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.

Affected Software

VendorProductVersion RangeStatus
Dover Fueling Solutions (DFS)ProGauge MAGLINK LX CONSOLE0 <= 3.4.2.2.6affected
Dover Fueling Solutions (DFS)ProGauge MAGLINK LX4 CONSOLE0 <= 4.17.9eaffected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting

Workarounds

DFS strongly encourages users of MagLink products to:

  • Install MagLink consoles behind firewalls for security.

  • Monitor and install updates on a timely basis.

  • Contact DFS customer support with any questions about operations or updates of MagLink software.

Alternatively, MagLink may operate offfline or disconnected from a network.

Registered MagLink customers have access to technical information, updates, and technical bulletins via a DFS proprietary portal.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References