CWE
79
Advisory Published
Updated

CVE-2023-48255: XSS

First published: Wed Jan 10 2024(Updated: )

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.

Credit: psirt@bosch.com

Affected SoftwareAffected VersionHow to fix
All of
Bosch Nexo-os>=1000<=1500-sp2
Any of
Bosch Nexo Cordless Nutrunner Nxa011s-36v-b (0608842012)
Bosch Nexo Cordless Nutrunner Nxa011s-36v
Bosch Nexo Cordless Nutrunner Nxa015s-36v-b
Bosch Nexo Cordless Nutrunner Nxa015s-36v
Bosch Nexo Cordless Nutrunner Nxa030s-36v-b (0608842007)
Bosch Nexo Cordless Nutrunner Nxa030s-36v
Bosch Nexo Cordless Nutrunner Nxa050s-36v-b
Bosch Nexo Cordless Nutrunner Nxa050s-36v
Bosch Nexo Cordless Nutrunner Nxa065s-36v-b
Bosch Nexo Cordless Nutrunner Nxa065s-36v
Bosch Nexo Cordless Nutrunner Nxp012qd-36v-b
Bosch Nexo Cordless Nutrunner Nxp012qd-36v
Bosch Nexo Cordless Nutrunner Nxv012t-36v-b
Bosch Nexo Cordless Nutrunner Nxv012t-36v (0608842015)
Bosch Nexo Special Cordless Nutrunner
Bosch Nexo Special Cordless Nutrunner
Bosch Nexo Special Cordless Nutrunner
Bosch Nexo Special Cordless Nutrunner
Bosch Nexo Special Cordless Nutrunner (0608pe2666)
Bosch Nexo Special Cordless Nutrunner

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2023-48255?

    CVE-2023-48255 is categorized as a critical vulnerability due to its potential for remote exploitation and execution of arbitrary script code.

  • How do I fix CVE-2023-48255?

    To remediate CVE-2023-48255, users should update their Bosch Nexo OS to a version that addresses the vulnerability as specified in the vendor's security advisory.

  • What types of attacks can be performed through CVE-2023-48255?

    An unauthenticated remote attacker can exploit CVE-2023-48255 by sending malicious network requests that trigger script code execution in the victim's session.

  • Which products are affected by CVE-2023-48255?

    CVE-2023-48255 primarily affects Bosch Nexo OS versions between 1000 and 1500-sp2.

  • Is CVE-2023-48255 easy to exploit?

    Yes, CVE-2023-48255 is considered easy to exploit, as it allows attackers to remotely execute code without prior authentication.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203