Описание
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:niceforyou:linear_emerge_e3_access_control_firmware:0.32-07e:*:*:*:*:*:*:*
cpe:2.3:o:niceforyou:linear_emerge_e3_access_control_firmware:0.32-07p:*:*:*:*:*:*:*
cpe:2.3:o:niceforyou:linear_emerge_e3_access_control_firmware:0.32-08e:*:*:*:*:*:*:*
cpe:2.3:o:niceforyou:linear_emerge_e3_access_control_firmware:0.32-08f:*:*:*:*:*:*:*
cpe:2.3:o:niceforyou:linear_emerge_e3_access_control_firmware:0.32-09a:*:*:*:*:*:*:*
cpe:2.3:o:niceforyou:linear_emerge_e3_access_control_firmware:0.32-09b:*:*:*:*:*:*:*
cpe:2.3:o:niceforyou:linear_emerge_e3_access_control_firmware:0.32-09c:*:*:*:*:*:*:*
cpe:2.3:h:niceforyou:linear_emerge_e3_access_control:-:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08307
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-384
CWE-384
Связанные уязвимости
CVSS3: 6.1
github
около 3 лет назад
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors.
EPSS
Процентиль: 92%
0.08307
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-384
CWE-384