MEDIUM🇬🇧 English

CVE-2023-42765

CVSS 5.4v3.1pub. 2024-02-06upd. 2024-11-21

An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
  • Westermo L206 F2g

    HW
    Westermo
    wszystkie wersje
  • Westermo L206 F2g Firmware

    OS
    Westermo
    4.24
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2023-38579HIGH8.0ten sam produkt

The cross-site request forgery token in the request may be predictable or easily guessable allowi...

CVE-2023-45735HIGH8.0ten sam produkt

A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that c...

CVE-2023-40544MEDIUM5.7ten sam produkt

An attacker with access to the network where the affected devices are located could maliciously act...

CVE-2023-45222MEDIUM5.4ten sam produkt

An attacker with access to the web application that has the vulnerable software could introduce arbitrary J...

CVE-2023-45227MEDIUM5.4ten sam produkt

An attacker with access to the web application with vulnerable software could introduce arbitra...