Lucene search

[email protected]CVE-2023-43260

HistoryOct 05, 2023 - 7:15 p.m.

CVE-2023-43260

2023-10-0519:15:11

CWE-79

[email protected]

web.nvd.nist.gov

milesight

ur5x

ur32l

ur32

ur35

ur41

xss

vulnerability

admin panel

nvd

cve-2023-43260

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.

Affected configurations

NVD

Node

milesightur51_firmwareRange<35.3.0.7

AND

milesightur51Match-

Node

milesightur52_firmwareRange<35.3.0.7

AND

milesightur52Match-

Node

milesightur55_firmwareRange<35.3.0.7

AND

milesightur55Match-

Node

milesightur32l_firmwareRange<35.3.0.7

AND

milesightur32lMatch-

Node

milesightur32_firmwareRange<35.3.0.7

AND

milesightur32Match-

Node

milesightur35_firmwareRange<35.3.0.7

AND

milesightur35Match-

Node

milesightur41_firmwareRange<35.3.0.7

AND

milesightur41Match-

CPENameOperatorVersion
milesight:ur51_firmwaremilesight ur51 firmwarelt35.3.0.7

CPE	Name	Operator	Version
milesight:ur51_firmware	milesight ur51 firmware	lt	35.3.0.7

References

gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-43260

nvd1 cvelist1 prion1