Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2023-07-06T14:53:31.258Z
Updated: 2023-07-17T18:49:06.317Z
Reserved: 2023-01-24T19:20:44.636Z
Link: CVE-2023-24496
JSON object: View
NVD Information
Status : Modified
Published: 2023-07-06T15:15:11.953
Modified: 2023-07-17T19:15:09.200
Link: CVE-2023-24496
JSON object: View
Redhat Information
No data.
CWE