CVE-2024-5420

HIGH NUCLEI

SEH Computertechnik <20.1.22 - XSS

Title source: llm

Description

Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.

Exploits (2)

nomisec WRITEUP 3 stars

by gh-ost00 · poc

https://github.com/gh-ost00/CVE-2024-5420-XSS

View Code ZIP pw:eip

inthewild SCANNER

poc

https://github.com/fa-rrel/cve-2024-5420-xss

View Code ZIP pw:eip

Nuclei Templates (1)

SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting

HIGHVERIFIEDby bl4ckp4r4d1s3

Shodan: html:"utnserver Control Center"

References (3)

[Various Sources] https://cyberdanube.com/security-research/multiple-vulnerabilities-in-seh-untserver-pro/

[Various Sources] https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/index.html

[Mailing List] http://seclists.org/fulldisclosure/2024/Jun/4

Scores

CVSS v4 8.3

EPSS 0.4658

EPSS Percentile 97.7%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H

Details

CWE

CWE-79

Status published

Products (3)

SEH Computertechnik/INU-100 < 20.1.22

SEH Computertechnik/utnserver Pro < 20.1.22

SEH Computertechnik/utnserver ProMAX < 20.1.22

Published Jun 04, 2024

Tracked Since Feb 18, 2026