Severity

9.6

Vulnerability Type

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Summary

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.

Impact

no impact information found