3 matches found
CVE-2023-24496
creationtimestamp| type| source ---|---|--- 2023-07-06 18:33:50+00:00| seen| https://t.me/cibsecurity/66127...
CVE-2023-24496
Milesight VPN v2.0.2 is affected by cross-site scripting in the Device_Auth flow. Talos documents CVE-2023-24496 (XSS via device_name stored in device.name) and CVE-2023-24497 (XSS via subnet stored in device.remote_subnet). An attacker can register a device with crafted inputs, which are stored ...
CVE-2023-24496
Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...