Vulnerabilities > Socomec > Modulys GP Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-18 | CVE-2023-38255 | Unspecified vulnerability in Socomec Modulys GP Firmware 01.12.10 A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device. | 6.1 |
| 2023-09-18 | CVE-2023-38582 | Unspecified vulnerability in Socomec Modulys GP Firmware 01.12.10 Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. | 5.4 |