CVE-2014-5382

Name of the Vulnerable Software and Affected Versions Schrack Technik microControl version 1.7.0 (937)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the web interface. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors.

Recommendations For version 1.7.0 (937), consider disabling access to the web interface until a fix is available, and restrict input to the position textbox in the configuration menu to minimize the risk of exploitation.