CVE-2023-24496

MEDIUM

Milesight VPN 2.0.2 - Cross-Site Scripting via Name Field in detail_device Request Handler

Description

Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the name field of the database.

Scores

CVSS v3 4.7
EPSS 0.0065
EPSS Percentile 46.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-80
Status published
Products (1)
milesight/milesightvpn 2.0.2
Published Jul 06, 2023
Tracked Since Feb 18, 2026