Skip to main content

SYSGUARD 6001 EUVDEUVD-2026-40298

| CVE-2026-8403 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-30 TR-CERT GHSA-5gw8-w8f7-pfc3
6.1
CVSS 3.1 · Vendor: TR-CERT
Share

Severity by source

Vendor (TR-CERT) PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
6.1 MEDIUM

Network-reachable web interface requires no authentication to inject; victim must view page for execution; scope change reflects browser context boundary crossing with limited confidentiality and integrity impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (TR-CERT).

CVSS VectorVendor: TR-CERT

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Patch available
Jun 30, 2026 - 14:01 EUVD
Analysis Generated
Jun 30, 2026 - 12:51 vuln.today

DescriptionCVE.org

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS.

This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0.

NOTE: The vendor was contacted and it was learned that the product is not supported.

AnalysisAI

Stored cross-site scripting in SYSGUARD 6001 (versions 2.0.2 through before 6.1.4.0) by Eksagate Electronic Engineering and Computer Industry Trade Inc. permits remote unauthenticated attackers to inject persistent malicious scripts into the product's web interface, which execute in the browsers of any user who subsequently views the affected page. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify SYSGUARD 6001 web interface on network
Delivery
Submit crafted XSS payload unauthenticated
Exploit
Payload persisted server-side
Execution
Victim administrator browses affected page
Persist
Malicious script executes in victim browser
Impact
Exfiltrate session token or perform privileged actions

Vulnerability AssessmentAI

Exploitation The CVSS vector (PR:N) indicates no authentication is required to submit the malicious stored payload to the SYSGUARD 6001 web interface. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 6.1 (Medium) is driven by AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated remote attacker identifies an input field on SYSGUARD 6001's web interface that lacks output encoding, then submits a crafted JavaScript payload that is persisted server-side. When an administrator later logs in and navigates to the affected page, the stored script executes in their browser, allowing the attacker to steal the session token and perform actions with administrator-level privileges in the management interface.
Remediation No vendor-released patch will be provided - the vendor confirmed end-of-life status and the product is unsupported. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40298 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy