CVE-2023-2388

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 74.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Srx5308 Netgear Srx5308 Firmware

Timeline

PublishedApr 28

Description

A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerabi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5netgear/srx53084.3.5-3

▶NVDnetgear/srx5308_firmware4.3.5-3

🔴Vulnerability Details

CVEList

Netgear SRX5308 Web Management Interface cross site scripting↗2023-04-28

▶

GHSA

GHSA-2jfh-rvm8-7qg4: A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4↗2023-04-28

▶