CVE-2023-24496: XSS
First published: Thu Jul 06 2023(Updated: )
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.
Credit: talos-cna@cisco.com talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Milesight Milesightvpn | =2.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2023-24496.
What is the severity rating of CVE-2023-24496?
CVE-2023-24496 has a severity rating of 4.7 (medium).
What is the affected software?
The affected software is Milesight VPN v2.0.2.
What is the CWE classification of CVE-2023-24496?
CVE-2023-24496 is classified under CWE-79, CWE-94, and CWE-80.
How can an attacker exploit CVE-2023-24496?
An attacker can exploit CVE-2023-24496 by sending a specially-crafted HTTP request to the detail_device functionality of Milesight VPN v2.0.2, which can lead to arbitrary JavaScript code injection (Cross-Site Scripting).
- collector/nvd-index
- agent/author
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/milesight
- canonical/milesight milesightvpn
- version/milesight milesightvpn/2.0.2