CVE-2023-31160— Improper Neutralization of Input During Web Page Generation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-31160
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Input During Web Page Generation
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Schweitzer Engineering Laboratories Real Time Automation Controller 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Schweitzer Engineering Laboratories Real Time Automation Controller(SEL RTAC)是美国Schweitzer Engineering Laboratories公司的一个功能强大的多功能自动化平台。 Schweitzer Engineering Laboratories Real Time Automation Controller存在安全漏洞,该漏洞源于Web 界面中的存在不当输入验证,远程攻击者利用该漏洞可以执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | R132-V0 ~ R150-V2 | - | |
| Schweitzer Engineering Laboratories | SEL-3505-3 | R132-V0 ~ R150-V2 | - | |
| Schweitzer Engineering Laboratories | SEL-3530 | R132-V0 ~ R150-V2 | - | |
| Schweitzer Engineering Laboratories | SEL-3530-4 | R132-V0 ~ R150-V2 | - | |
| Schweitzer Engineering Laboratories | SEL-3532 | R132-V0 ~ R150-V2 | - | |
| Schweitzer Engineering Laboratories | SEL-3555 | R134-V0 ~ R150-V2 | - | |
| Schweitzer Engineering Laboratories | SEL-3560S | R144-V2 ~ R150-V2 | - | |
| Schweitzer Engineering Laboratories | SEL-3560E | R144-V2 ~ R150-V2 | - | |
| Schweitzer Engineering Laboratories | SEL-2241 RTAC module | R132-V0 ~ R150-V2 | - | |
| Schweitzer Engineering Laboratories | SEL-3350 | R148-V0 ~ R150-V2 | - |
II. Public POCs for CVE-2023-31160
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-31160
请登录查看更多情报信息。
Same Patch Batch · Schweitzer Engineering Laboratories · 2023-05-10 · 20 CVEs total
| CVE-2023-31148 | 9.1 CRITICAL | Improper Input Validation in Web Interface |
| CVE-2023-31149 | 9.1 CRITICAL | Improper Input Validation in Web Interface |
| CVE-2023-31150 | 8.0 HIGH | Storing Passwords in a Recoverable Format |
| CVE-2023-2310 | 6.8 MEDIUM | Channel Accessible by Non-Endpoint |
| CVE-2023-31161 | 5.9 MEDIUM | Improper Input Validation in Web Interface |
| CVE-2023-31162 | 4.8 MEDIUM | Improper Input Validation in Web Interface |
| CVE-2023-31151 | 4.7 MEDIUM | Improper Certificate Validation |
| CVE-2023-31156 | 4.3 MEDIUM | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31153 | 4.3 MEDIUM | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31154 | 4.3 MEDIUM | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31155 | 4.3 MEDIUM | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31157 | 4.3 MEDIUM | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31158 | 4.3 MEDIUM | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31159 | 4.3 MEDIUM | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31163 | 4.3 MEDIUM | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31164 | 4.3 MEDIUM | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31165 | 4.3 MEDIUM | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31166 | 4.1 MEDIUM | Improper Limitation of a Pathname to a Restricted Directory |
| CVE-2023-31152 | 4.0 MEDIUM | Authentication Bypass Using an Alternate Path or Channel |
IV. Related Vulnerabilities
Same product: SEL-3505
- CVE-2023-31166
Improper Limitation of a Pathname to a Restricted Directory - CVE-2023-31165
Improper Neutralization of Input During Web Page Generation - CVE-2023-31164
Improper Neutralization of Input During Web Page Generation - CVE-2023-31163
Improper Neutralization of Input During Web Page Generation - CVE-2023-31162
Improper Input Validation in Web Interface
Same vendor: Schweitzer Engineering Laboratories
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2023-31160
No comments yet