CVE-2023-43260

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-43260
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:milesight:ur51_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:milesight:ur52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:milesight:ur55_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*
History

11 Oct 2023, 17:37

Type Values Removed Values Added
CPE cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur55_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur51_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1
First Time Milesight ur32l Firmware
Milesight ur51
Milesight ur41 Firmware
Milesight ur52 Firmware
Milesight ur32
Milesight ur41
Milesight ur32l
Milesight ur52
Milesight ur55 Firmware
Milesight
Milesight ur55
Milesight ur35
Milesight ur51 Firmware
Milesight ur32 Firmware
Milesight ur35 Firmware
CWE CWE-79
References (MISC) https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 - (MISC) https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 - Exploit, Third Party Advisory

05 Oct 2023, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-05 19:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-43260

Mitre link : CVE-2023-43260

CVE.ORG link : CVE-2023-43260

JSON object : View

Products Affected

milesight

  • ur52_firmware
  • ur51
  • ur55
  • ur52
  • ur41
  • ur32
  • ur32l_firmware
  • ur35_firmware
  • ur55_firmware
  • ur35
  • ur41_firmware
  • ur32l
  • ur32_firmware
  • ur51_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')