N/A

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code (CROSS-SITE SCRIPTING).

N/A

N/A

多款Moxa产品跨站脚本漏洞

Moxa ioLogik E1210等都是摩莎（Moxa）公司的一套远程菊花链式以太网I/O监控产品。 多款Moxa产品中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入脚本或执行任意代码。以下产品和版本受到影响：Moxa使用固件2.4及之前版本的ioLogik E1210，固件版本2.3及之前的E1211，固件版本2.4及之前的E1212，固件版本2.5及之前的E1213，固件版本2.4及之前的E1214，固件版本2.4及之前的E1242，固件版本2.3及之前的E1240，固件版本2.4及之前的E1241，

N/A

跨站脚本