4.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
27.1%
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the remote_subnet field of the database
Vendor | Product | Version | CPE |
---|---|---|---|
milesight | milesightvpn | * | cpe:2.3:a:milesight:milesightvpn:*:*:*:*:*:*:*:* |
[
{
"vendor": "Milesight",
"product": "MilesightVPN",
"versions": [
{
"version": "v2.0.2",
"status": "affected"
}
]
}
]
4.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
27.1%