3 matches found
CVE-2023-24497
Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...
CVE-2023-24497
Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...
CVE-2023-24497
Milesight VPN v2.0.2 contains cross-site scripting (XSS) vulnerabilities in the requestHandlers.js detail_device flow (CVE-2023-24497). Talos documents that XSS is introduced when a device is registered via Device_Auth, with user-controlled data stored in the device table (notably the remote_subn...