Nortek.Linear.eMerge.E3.Badge.Template.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting vulnerability in Nortek Linear eMerge E3.
This vulnerability is due to improper input validation of the parameter passed to "badge_template_v0.php". A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in the execution of arbitrary script code in the victim's browser.
Affected Products
Nortek Linear eMerge E3-Series firmware 1.00-06 and prior
Impact
System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |