CVE-2023-40290 — Cross-site Scripting in X11sae-f Firmware

CWE-79 — Cross-site Scripting CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)3 documents3 sources

Severity

8.3HIGHNVD

EPSS

0.7%

top 27.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Supermicro X11sae-f Firmware Supermicro X11sse-f Firmware Supermicro X11ssm-f Firmware

Timeline

PublishedMar 27

Description

An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.6 | Impact: 6.0

Affected Packages3 packages

▶NVDsupermicro/x11sae-f_firmware1.66

▶NVDsupermicro/x11sse-f_firmware1.66

▶NVDsupermicro/x11ssm-f_firmware1.66

🔴Vulnerability Details

CVEList

CVE-2023-40290: An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1↗2024-03-27

▶

GHSA

GHSA-36f2-v56q-6v2j: An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1↗2024-03-27

▶