exploitDog

GHSA-wc34-fgpq-8hg7

Опубликовано: 28 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 2

CVSS3: 6.1

Описание

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).

Ссылки

EPSS

Процентиль: 38%

0.00167

Низкий

2 Low

CVSS4

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-2864

CVSS3: 6.1

nvd

11 месяцев назад

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).

EPSS

Процентиль: 38%

0.00167

Низкий

2 Low

CVSS4

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79