CVE-2023-24496
4.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Milesight | MilesightVPN | v2.0.2 | affected |
Weaknesses
- CWE-80: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1704
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.