CVE-2023-43260

Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:milesight:ur51_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:milesight:ur52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:milesight:ur55_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:23

Type Values Removed Values Added
References () https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 - Exploit, Third Party Advisory () https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 - Exploit, Third Party Advisory

11 Oct 2023, 17:37

Type Values Removed Values Added
CPE cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur55_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur51_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79
References (MISC) https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 - (MISC) https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 - Exploit, Third Party Advisory
First Time Milesight ur32l Firmware
Milesight ur51
Milesight ur41 Firmware
Milesight ur52 Firmware
Milesight ur32
Milesight ur41
Milesight ur32l
Milesight ur52
Milesight ur55 Firmware
Milesight
Milesight ur55
Milesight ur35
Milesight ur51 Firmware
Milesight ur32 Firmware
Milesight ur35 Firmware

05 Oct 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-05 19:15

Updated : 2024-11-21 08:23


NVD link : CVE-2023-43260

Mitre link : CVE-2023-43260

CVE.ORG link : CVE-2023-43260


JSON object : View

Products Affected

milesight

  • ur32l_firmware
  • ur51
  • ur35_firmware
  • ur32_firmware
  • ur55
  • ur35
  • ur55_firmware
  • ur52
  • ur32
  • ur32l
  • ur52_firmware
  • ur41_firmware
  • ur51_firmware
  • ur41
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')