Areal Topkapi Webserv2 Cross-Site Scripting Vulnerability
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the Spreadsheet view of Areal Topkapi Webserv2, affecting versions through 6.2.5474. This vulnerability allows remote, unauthorized attackers to inject malicious scripts that could be executed in the context of the user’s session. Exploitation could lead to a denial-of-service condition on the affected spreadsheet page, causing it to become unresponsive, while other spreadsheet pages function normally. The issue arises from inadequate validation of 'text' variables in the industrial network, which can be manipulated to introduce harmful scripts.
Impact
Exploitation of this vulnerability could result in cross-site scripting, allowing for the injection of malicious scripts that could be executed in the context of the user's session. Additionally, it could cause a denial-of-service condition on the affected spreadsheet page, making it unresponsive while other spreadsheet pages remain functional.
Remediation
Users can upgrade to Areal Topkapi Webserv2 version 6.2.5592 or later to address this vulnerability.
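The version boundaries above can be checked against an asset inventory. The following is an added example, not code from the vendor or from this advisory; it assumes versions are recorded as three dot-separated integers, and the host names, status labels and function names are constructed for illustration. Builds after 6.2.5474 and before 6.2.5592 are reported separately because the advisory does not state their status.

```python
import re

# Boundaries taken from the advisory text.
LAST_KNOWN_AFFECTED = (6, 2, 5474)  # "versions through 6.2.5474"
FIRST_FIXED = (6, 2, 5592)          # "version 6.2.5592 or later"

# Assumption: inventory records versions as major.minor.build, optional "v" prefix.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Return (major, minor, build) as ints, or None if the string does not match."""
    match = _VERSION_RE.match(text)
    return tuple(int(part) for part in match.groups()) if match else None


def triage(version_text):
    """Classify one Webserv2 version string against the advisory boundaries."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"   # check the host manually
    if version >= FIRST_FIXED:
        return "fixed"
    if version <= LAST_KNOWN_AFFECTED:
        return "affected"
    # Between the two boundaries: not covered by the advisory, so plan the upgrade.
    return "unconfirmed"


def triage_inventory(rows):
    """Group (host, version) pairs by triage status."""
    result = {}
    for host, version_text in rows:
        result.setdefault(triage(version_text), []).append(host)
    return result


# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    ("scada-web-01", "6.2.5474"),
    ("scada-web-02", "6.2.5592"),
    ("scada-web-03", "6.2.5500"),
    ("scada-web-04", "6.10.0"),   # numeric compare: 6.10 is newer than 6.2
    ("scada-web-05", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Versions are compared as integer tuples because a plain string comparison would sort 6.10.0 before 6.2.5592 and wrongly flag a newer release.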
