CVE-2024-3576
8.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Summary
The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Moxa | NPort 5100A Series | 1.0 <= 1.6 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.