QwikSec

Security Database

CVE

CWE

Training

CVE-2023-28651

Published: Jun 1, 2023

Modified: Jan 9, 2025

PUBLISHED

Description

Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.

Vendor	Product	Versions
Contec Co., Ltd.	CONPROSYS HMI System (CHS)	affected `versions prior to 3.5.3`

References

https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf

https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf

https://jvn.jp/en/vu/JVNVU93372935/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.