CVE-2023-24496
published 2023-07-06

CVE-2023-24496: Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP…

Priority: P4 (22)
Severity: medium, 4.7 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.65% (46.6th percentile)
Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the name field of the database.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
milesight | milesightvpn | |
milesight | milesightvpn | |