CVE-2024-46453

A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
References
Link Resource
https://github.com/nosmo-gla/iq3xcite-XSS-2.31-3.05/tree/main Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:honeywell:iq3xcite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:honeywell:iq3xcite:-:*:*:*:*:*:*:*

History

07 Oct 2024, 13:53

Type Values Removed Values Added
First Time Honeywell iq3xcite
Honeywell
Honeywell iq3xcite Firmware
CPE cpe:2.3:h:honeywell:iq3xcite:-:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:iq3xcite_firmware:*:*:*:*:*:*:*:*
CWE CWE-79
References () https://github.com/nosmo-gla/iq3xcite-XSS-2.31-3.05/tree/main - () https://github.com/nosmo-gla/iq3xcite-XSS-2.31-3.05/tree/main - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de cross site scripting (XSS) en el componente /test/ de iq3xcite v2.31 a v3.05 permite a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios a través de un payload especialmente manipulado.

27 Sep 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-27 21:15

Updated : 2024-10-07 13:53


NVD link : CVE-2024-46453

Mitre link : CVE-2024-46453

CVE.ORG link : CVE-2024-46453


JSON object : View

Products Affected

honeywell

  • iq3xcite
  • iq3xcite_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')