Cyber Controller
Monthly
HTML injection in Radware Cyber Controller's HTML Report Generation component allows authenticated remote attackers to embed arbitrary HTML tags - including script-related content - into generated reports, enabling potential cross-site scripting scenarios targeting users who view those reports. All 10.x releases through 10.11.0 are confirmed affected per ENISA EUVD-2026-38198. A public proof-of-concept exploit has been disclosed (CVSS 4.0 E:P); the vendor was notified but did not respond, leaving no vendor-released patch available at time of analysis.
HTML injection in Radware Cyber Controller's HTML Report Generation component allows authenticated remote attackers to embed arbitrary HTML tags - including script-related content - into generated reports, enabling potential cross-site scripting scenarios targeting users who view those reports. All 10.x releases through 10.11.0 are confirmed affected per ENISA EUVD-2026-38198. A public proof-of-concept exploit has been disclosed (CVSS 4.0 E:P); the vendor was notified but did not respond, leaving no vendor-released patch available at time of analysis.