CVE-2023-24496
CVE-2023-24496
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.7EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
06 jul 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Milesight · MilesightVPN¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →