Lucene search

MoxaCVELIST:CVE-2024-3576

HistoryMay 06, 2024 - 12:04 p.m.

CVE-2024-3576 NPort 5100A Series Store XSS Vulnerability

2024-05-0612:04:47

CWE-79

Moxa

www.cve.org

nport 5100a

xss vulnerability

firmware

web server

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NPort 5100A Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "1.6",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-246328-nport-5100a-series-store-xss-vulnerability

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-3576