Severity

4.8

Vulnerability Type

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Summary

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).