exploitDog

CVE-2024-5410

Опубликовано: 28 мая 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.

Ссылки

http://seclists.org/fulldisclosure/2024/May/36
Exploit
Mailing List
Third Party Advisory
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2024/May/36
Exploit
Mailing List
Third Party Advisory
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:oringnet:iap-420_firmware:*:*:*:*:*:*:*:*

Версия до 2.01e (включая)

cpe:2.3:h:oringnet:iap-420:-:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02747

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 86%

0.02747

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79