exploitDog

CVE-2023-24496

Опубликовано: 06 июл. 2023

Источник: nvd

CVSS3: 4.7

EPSS Низкий

Описание

Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1704

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:milesight:milesightvpn:2.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00145

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-80

Связанные уязвимости

GHSA-x58f-rjp3-rh75

CVSS3: 8.3

github

больше 2 лет назад

Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.

EPSS

Процентиль: 35%

0.00145

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-80