In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.

By embedding a crafted file into the Logs > Remote logging page, an authenticated user with Admin role can read and/or modify settings only accessible to users with Super Admin role (e.g. user settings, LDAP settings). A successful exploit requires that a user with Super Admin role views the Logs > Remote logging page.
A user with Admin role has no access to the settings on the Basic settings > LDAP page, and can therefore exploit the vulnerability only on the Logs > Remote logging page.
By embedding a crafted file into the Basic settings > LDAP or Logs > Remote logging page, an authenticated user can modify settings as another user, thereby misrepresenting the identity of the user who made the modifications in the logs. A successful exploit requires the other user to view the Basic settings > LDAP or Logs > Remote logging page.