exploitDog

CVE-2025-24344

Опубликовано: 30 апр. 2025

Источник: nvd

CVSS3: 6.3

EPSS Низкий

Описание

A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request.

Ссылки

https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html

EPSS

Процентиль: 13%

0.00044

Низкий

6.3 Medium

CVSS3

Дефекты

CWE-81

Связанные уязвимости

GHSA-ghw9-h2f5-fq79

CVSS3: 6.3

github

9 месяцев назад

A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request.

EPSS

Процентиль: 13%

0.00044

Низкий

6.3 Medium

CVSS3

Дефекты

CWE-81