VDB
CVE-2021-27418
CVE-2021-27418
PUBLISHED
CVSS 5.300000190734863 MEDIUM
GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.
EPSS 0.18% · 39.8th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.18%
39.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ge | multilin_c60_firmware | 0 |
| ge | multilin_c95_firmware | 0 |
| ge | multilin_d60_firmware | 0 |
| ge | multilin_f60_firmware | 0 |
| ge | multilin_b30_firmware | 0 |
| ge | multilin_t35_firmware | 0 |
| ge | multilin_c30_firmware | 0 |
| ge | multilin_n60_firmware | 0 |
| ge | multilin_g30_firmware | 0 |
| ge | multilin_b90_firmware | 0 |
| GE | UR family | unspecified |
| ge | multilin_m60_firmware | 0 |
| ge | multilin_c70_firmware | 0 |
| ge | multilin_f35_firmware | 0 |
| ge | multilin_l30_firmware | 0 |
| ge | multilin_l60_firmware | 0 |
| ge | multilin_g60_firmware | 0 |
| ge | multilin_t60_firmware | 0 |
| ge | multilin_l90_firmware | 0 |
| ge | multilin_d30_firmware | 0 |
Exploit Intelligence
Timeline
- Mar 23, 2022 CVE Published
- Mar 24, 2022 EPSS Score
- May 14, 2022 EPSS Score
- Jul 4, 2022 EPSS Score
- Aug 25, 2022 EPSS Score
- Oct 15, 2022 EPSS Score
- Dec 5, 2022 EPSS Score
- Jan 25, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 17, 2023 EPSS Score
- May 6, 2023 EPSS Score
- Jun 26, 2023 EPSS Score