Real Time Automation 460MCBS 5.2.14 Cross Site Scripting

CVE Category Price Severity
N/A CWE-79 N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2023-03-12
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 0.00004 0.003675

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Real Time Automation 460MCBS 5.2.14 Cross Site Scripting
Exploit Title:  Real Time Automation 460MCBS Cross Site Scripting (XSS)
Date: 2023-03-09
Exploit Author: Yehia Elghaly
Vendor Homepage:
Software Link:
Version: Revision 5.2.14
Tested on: Real Time Automation 

Summary: The Real Time Automation  460MCBS moves data between up to 32 Modbus TCP Servers and a BACnet/IP Building Automation System (BAS). Its a perfect tool to tie Modbus TCP power meters, boilers, chillers and other devices into your BACnet/IP Building Automation System

Description: The attacker can able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.: XSS found on when insert a payload after(/)

Payload: ?c12yy<script>alert('XSSYF')</script>p1ax8=1

[Affected Component]

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum