CVE-2024-8776

SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:intumit:smartrobot_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intumit:smartrobot:-:*:*:*:*:*:*:*

History

20 Sep 2024, 16:38

Type Values Removed Values Added
CPE cpe:2.3:o:intumit:smartrobot_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intumit:smartrobot:-:*:*:*:*:*:*:*
References () https://www.twcert.org.tw/en/cp-139-8070-d10bc-2.html - () https://www.twcert.org.tw/en/cp-139-8070-d10bc-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8069-73393-1.html - () https://www.twcert.org.tw/tw/cp-132-8069-73393-1.html - Third Party Advisory
First Time Intumit smartrobot Firmware
Intumit smartrobot
Intumit

16 Sep 2024, 15:30

Type Values Removed Values Added
Summary
  • (es) SmartRobot de INTUMIT no valida correctamente un parámetro de página específico, lo que permite que atacantes remotos no autenticados inyecten código JavaScript en el parámetro para ataques de Cross-site Scripting Reflejado.

16 Sep 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-16 06:15

Updated : 2024-09-20 16:38


NVD link : CVE-2024-8776

Mitre link : CVE-2024-8776

CVE.ORG link : CVE-2024-8776


JSON object : View

Products Affected

intumit

  • smartrobot
  • smartrobot_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')