CVE-2024-3576

Severity
8.3 HIGH
EPSS
0.1%
top 73.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 6
Latest update: Oct 21

Description

The NPort 5100A Series firmware version v1.6 and prior versions are affected by a web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.7

Affected Packages: 1 package

CVEListV5 | moxa/nport_5100a_series | 1.0 | 1.6

🔴Vulnerability Details (2)

GHSA: GHSA-8hfj-v3g5-5mpj: The NPort 5100A Series prior to version 1 (2024-05-06)
CVEList: NPort 5100A Series Store XSS Vulnerability (2024-05-06)

📋Vendor Advisories (1)

Red Hat: kernel: ext4: fix off by one issue in alloc_flex_gd() (2024-10-21)