CVE-2023-45227

Summary

An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.

Affected Software

VendorProductVersion RangeStatus
WestermoLynxL206-F2G1affected
WestermoLynx4.24affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting

Workarounds

Westermo recommends following best practices for hardening, such as restricting access, disable unused services (attack surface reduction), etc., to mitigate the reported vulnerabilities.  The reported cross-site scripting will be mitigated in a future report.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References