CVE-2023-43260

Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
References
Link Resource
https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:milesight:ur51_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:milesight:ur52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:milesight:ur55_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*

History

11 Oct 2023, 17:37

Type Values Removed Values Added
CPE cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur55_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur51_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
First Time Milesight ur32l Firmware
Milesight ur51
Milesight ur41 Firmware
Milesight ur52 Firmware
Milesight ur32
Milesight ur41
Milesight ur32l
Milesight ur52
Milesight ur55 Firmware
Milesight
Milesight ur55
Milesight ur35
Milesight ur51 Firmware
Milesight ur32 Firmware
Milesight ur35 Firmware
CWE CWE-79
References (MISC) https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 - (MISC) https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 - Exploit, Third Party Advisory

05 Oct 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-05 19:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-43260

Mitre link : CVE-2023-43260

CVE.ORG link : CVE-2023-43260


JSON object : View

Products Affected

milesight

  • ur32l_firmware
  • ur51_firmware
  • ur32l
  • ur35_firmware
  • ur35
  • ur51
  • ur41_firmware
  • ur52_firmware
  • ur41
  • ur52
  • ur55_firmware
  • ur32_firmware
  • ur32
  • ur55
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')