Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
References
Link | Resource |
---|---|
https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
11 Oct 2023, 17:37
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:milesight:ur52_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:* cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:* cpe:2.3:o:milesight:ur55_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:milesight:ur51_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Milesight ur32l Firmware
Milesight ur51 Milesight ur41 Firmware Milesight ur52 Firmware Milesight ur32 Milesight ur41 Milesight ur32l Milesight ur52 Milesight ur55 Firmware Milesight Milesight ur55 Milesight ur35 Milesight ur51 Firmware Milesight ur32 Firmware Milesight ur35 Firmware |
|
CWE | CWE-79 | |
References | (MISC) https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 - Exploit, Third Party Advisory |
05 Oct 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-05 19:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-43260
Mitre link : CVE-2023-43260
CVE.ORG link : CVE-2023-43260
JSON object : View
Products Affected
milesight
- ur32l_firmware
- ur51_firmware
- ur32l
- ur35_firmware
- ur35
- ur51
- ur41_firmware
- ur52_firmware
- ur41
- ur52
- ur55_firmware
- ur32_firmware
- ur32
- ur55
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')