Headline
ABB Cylon Aspect 3.08.02 (tscConfiguration.php) Authenticated Reflected XSS
The ABB BMS/BAS controller suffers from an authenticated reflected cross-site scripting vulnerability. Input passed to the GET parameter ‘port’ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user’s browser session in context of an affected site.