CVE-2023-41922
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kiloview P1/P2 devices
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
02 jul 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Productos afectados
Kiloview · P1/P2¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →