CVE-2023-6333

2023-12-0718:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-6333

endpoint

web interface

malicious javascript code

user session

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.0%

JSON

The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user’s session.

Affected configurations

Nvd

Node

controlbywebx-332-24i_firmwareMatch1.06

AND

controlbywebx-332-24iMatch-

Node

controlbywebx-301-i_firmwareMatch1.15

AND

controlbywebx-301-iMatch-

Node

controlbywebx-301-24i_firmwareMatch1.15

AND

controlbywebx-301-24iMatch-

VendorProductVersionCPE
controlbywebx-332-24i_firmware1.06cpe:2.3:o:controlbyweb:x-332-24i_firmware:1.06:*:*:*:*:*:*:*
controlbywebx-332-24i-cpe:2.3:h:controlbyweb:x-332-24i:-:*:*:*:*:*:*:*
controlbywebx-301-i_firmware1.15cpe:2.3:o:controlbyweb:x-301-i_firmware:1.15:*:*:*:*:*:*:*
controlbywebx-301-i-cpe:2.3:h:controlbyweb:x-301-i:-:*:*:*:*:*:*:*
controlbywebx-301-24i_firmware1.15cpe:2.3:o:controlbyweb:x-301-24i_firmware:1.15:*:*:*:*:*:*:*
controlbywebx-301-24i-cpe:2.3:h:controlbyweb:x-301-24i:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
controlbyweb	x-332-24i_firmware	1.06	cpe:2.3:o:controlbyweb:x-332-24i_firmware:1.06:::::::*
controlbyweb	x-332-24i	-	cpe:2.3:h:controlbyweb:x-332-24i:-:::::::*
controlbyweb	x-301-i_firmware	1.15	cpe:2.3:o:controlbyweb:x-301-i_firmware:1.15:::::::*
controlbyweb	x-301-i	-	cpe:2.3:h:controlbyweb:x-301-i:-:::::::*
controlbyweb	x-301-24i_firmware	1.15	cpe:2.3:o:controlbyweb:x-301-24i_firmware:1.15:::::::*
controlbyweb	x-301-24i	-	cpe:2.3:h:controlbyweb:x-301-24i:-:::::::*