CVE-2024-38380

This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:millbeckcommunications:proroute_h685t-w_firmware:3.2.334:*:*:*:*:*:*:*
cpe:2.3:h:millbeckcommunications:proroute_h685t-w:*:*:*:*:*:*:*:*

History

02 Oct 2024, 14:22

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 5.4
First Time Millbeckcommunications proroute H685t-w
Millbeckcommunications proroute H685t-w Firmware
Millbeckcommunications
CPE cpe:2.3:o:millbeckcommunications:proroute_h685t-w_firmware:3.2.334:*:*:*:*:*:*:*
cpe:2.3:h:millbeckcommunications:proroute_h685t-w:*:*:*:*:*:*:*:*

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Esta vulnerabilidad ocurre cuando la entrada proporcionada por el usuario se desinfecta incorrectamente y luego se refleja en el navegador del usuario, lo que permite a un atacante ejecutar JavaScript arbitrario en el contexto de la sesión del navegador de la víctima.

17 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-17 18:15

Updated : 2024-10-02 14:22


NVD link : CVE-2024-38380

Mitre link : CVE-2024-38380

CVE.ORG link : CVE-2024-38380


JSON object : View

Products Affected

millbeckcommunications

  • proroute_h685t-w
  • proroute_h685t-w_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')