CVE-2019-18267

CVE-2019-18267

Vendor N/A
Product GE S2020/S2020G Fast Switch 61850
Weakness CWE-79 · XSS
Published December 18, 2019
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.

Key dates

02Disclosure timeline

December 18, 2019 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE