Lucene search

[email protected]CVE-2023-22971

HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-22971

2023-01-2621:18:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-22971

cross site scripting

xss

hughes network systems

router terminal

hx200

hx90

security vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

45.0%

JSON

Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application.

Affected configurations

NVD

Node

hugheshx200_firmwareMatch8.3.1.14

AND

hugheshx200Match-

Node

hugheshx90_firmwareMatch6.11.0.5

AND

hugheshx90Match-

Node

hugheshx50l_firmwareMatch6.10.0.18

AND

hugheshx50lMatch-

Node

hugheshn9460_firmwareMatch8.2.0.48

AND

hugheshn9460Match-

Node

hugheshn7000s_firmwareMatch6.9.0.37

AND

hugheshn7000sMatch-

CPENameOperatorVersion
hughes:hx200_firmwarehughes hx200 firmwareeq8.3.1.14

CPE	Name	Operator	Version
hughes:hx200_firmware	hughes hx200 firmware	eq	8.3.1.14

References

www.hughes.com

www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

45.0%

JSON

Related for CVE-2023-22971

prion1 cvelist1 nvd1 zeroscience1