CVE-2023-24497
Milesight VPN v2.0.2 contains cross-site scripting (XSS) vulnerabilities in the requestHandlers.js detail_device flow (CVE-2023-24497). Talos documents that XSS is introduced when a device is registered via Device_Auth, with user-controlled data stored in the device table (notably the remote_subn...