Lucene search
+L

CVE-2024-3141

🗓️ 01 Apr 2024 23:00:06Reported by VulDBType 
cve
 cve
🔗 web.nvd.nist.gov👁 73 Views🌐 WEB

Vulnerability in Clavister E10 and E80, up to 20240323, allows remote attackers to initiate cross site scripting via the manipulation of certain arguments in the Misc Settings Page, leading to the exploitation of the disclosed vulnerability

Related
Detection
Affected
Refs
Paths
Vulners
Vulnrichment
Node
OR
OR
clavistere10Match14.00.0
clavistere10Match14.00.1
clavistere10Match14.00.2
clavistere10Match14.00.3
clavistere10Match14.00.4
clavistere10Match14.00.5
clavistere10Match14.00.6
clavistere10Match14.00.7
clavistere10Match14.00.8
clavistere10Match14.00.9
clavistere10Match14.00.10
OR
clavistere80Match14.00.0
clavistere80Match14.00.1
clavistere80Match14.00.2
clavistere80Match14.00.3
clavistere80Match14.00.4
clavistere80Match14.00.5
clavistere80Match14.00.6
clavistere80Match14.00.7
clavistere80Match14.00.8
clavistere80Match14.00.9
clavistere80Match14.00.10
[
  {
    "vendor": "Clavister",
    "product": "E10",
    "versions": [
      {
        "version": "14.00.0",
        "status": "affected"
      },
      {
        "version": "14.00.1",
        "status": "affected"
      },
      {
        "version": "14.00.2",
        "status": "affected"
      },
      {
        "version": "14.00.3",
        "status": "affected"
      },
      {
        "version": "14.00.4",
        "status": "affected"
      },
      {
        "version": "14.00.5",
        "status": "affected"
      },
      {
        "version": "14.00.6",
        "status": "affected"
      },
      {
        "version": "14.00.7",
        "status": "affected"
      },
      {
        "version": "14.00.8",
        "status": "affected"
      },
      {
        "version": "14.00.9",
        "status": "affected"
      },
      {
        "version": "14.00.10",
        "status": "affected"
      }
    ],
    "modules": [
      "Misc Settings Page"
    ]
  },
  {
    "vendor": "Clavister",
    "product": "E80",
    "versions": [
      {
        "version": "14.00.0",
        "status": "affected"
      },
      {
        "version": "14.00.1",
        "status": "affected"
      },
      {
        "version": "14.00.2",
        "status": "affected"
      },
      {
        "version": "14.00.3",
        "status": "affected"
      },
      {
        "version": "14.00.4",
        "status": "affected"
      },
      {
        "version": "14.00.5",
        "status": "affected"
      },
      {
        "version": "14.00.6",
        "status": "affected"
      },
      {
        "version": "14.00.7",
        "status": "affected"
      },
      {
        "version": "14.00.8",
        "status": "affected"
      },
      {
        "version": "14.00.9",
        "status": "affected"
      },
      {
        "version": "14.00.10",
        "status": "affected"
      }
    ],
    "modules": [
      "Misc Settings Page"
    ]
  }
]
ParameterPositionPathDescriptionCWE
WatchdogTimerTimequery param/?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettingsCross-site scripting (CWE-79) via manipulation of multiple arguments in the Misc Settings page to inject script via user-controllable fields.CWE-79
BufFloodRebootTimequery param/?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettingsCross-site scripting (CWE-79) via manipulation of multiple arguments in the Misc Settings page to inject script via user-controllable fields.CWE-79
MaxPipeUsersquery param/?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettingsCross-site scripting (CWE-79) via manipulation of multiple arguments in the Misc Settings page to inject script via user-controllable fields.CWE-79
AVCache Lifetimequery param/?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettingsCross-site scripting (CWE-79) via manipulation of multiple arguments in the Misc Settings page to inject script via user-controllable fields.CWE-79
HTTPipeliningMaxReqquery param/?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettingsCross-site scripting (CWE-79) via manipulation of multiple arguments in the Misc Settings page to inject script via user-controllable fields.CWE-79
Reassembly MaxConnectionsquery param/?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettingsCross-site scripting (CWE-79) via manipulation of multiple arguments in the Misc Settings page to inject script via user-controllable fields.CWE-79
Reassembly MaxProcessingMemquery param/?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettingsCross-site scripting (CWE-79) via manipulation of multiple arguments in the Misc Settings page to inject script via user-controllable fields.CWE-79
ScrSaveTimequery param/?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettingsCross-site scripting (CWE-79) via manipulation of multiple arguments in the Misc Settings page to inject script via user-controllable fields.CWE-79

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 07:43Current
3.5Low risk
Vulners AI Score3.5
CVSS 3.12.4
CVSS 23.3
CVSS 32.4
EPSS0.00489
SSVC
73