CVE-2023-2381

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 74.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Srx5308 Netgear Srx5308 Firmware

Timeline

PublishedApr 28

Description

A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5netgear/srx53084.3.5-3

▶NVDnetgear/srx5308_firmware4.3.5-3

🔴Vulnerability Details

CVEList

Netgear SRX5308 Web Management Interface cross site scripting↗2023-04-28

▶

GHSA

GHSA-9pmc-x2f3-23jm: A vulnerability has been found in Netgear SRX5308 up to 4↗2023-04-28

▶