In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in...
Critical severity
Unreviewed
Published
Aug 8, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Aug 8, 2023
Published to the GitHub Advisory Database
Aug 8, 2023
Last updated
Apr 4, 2024
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
References