CVE-2024-5420

HIGH NUCLEI

SEH Computertechnik utnserver Pro, ProMAX, INU-100 < 20.1.22 - Stored Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-5420. PoCs published by gh-ost00. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository provides a description and usage instructions for detecting CVE-2024-5420, a stored XSS vulnerability in utnserver Pro, ProMAX, and INU-100 versions 20.1.22 and earlier. It includes a Nuclei template reference and dork queries for discovery.

Description

Missing input validation in the web interface of SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, and SEH Computertechnik INU-100 allows stored Cross-Site Scripting (XSS). This issue affects utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and below.

Exploits (2)

nomisec WRITEUP 3 stars
by gh-ost00 · poc
https://github.com/gh-ost00/CVE-2024-5420-XSS

This repository provides a description and usage instructions for detecting CVE-2024-5420, a stored XSS vulnerability in utnserver Pro, ProMAX, and INU-100 versions 20.1.22 and earlier. It includes a Nuclei template reference and dork queries for discovery.

Classification: Writeup 80%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: utnserver Pro, utnserver ProMAX, INU-100 <= 20.1.22
No auth needed
Prerequisites: Access to the target web interface · Ability to trick a victim into visiting a malicious link
devstral-2 · analyzed Feb 16, 2026
inthewild SCANNER
poc
https://github.com/fa-rrel/cve-2024-5420-xss

The repository contains a Nuclei template for detecting CVE-2024-5420, a stored XSS vulnerability in SEH utnserver Pro/ProMAX and INU-100 devices. It includes a YAML file with HTTP request details to test for the vulnerability and a README with usage instructions.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: SEH utnserver Pro/ProMAX / INU-100 (versions 0 - 20.1.22)
No auth needed
Prerequisites: Access to the target web interface
devstral-2 · analyzed Feb 23, 2026

Nuclei Templates (1)

SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting
HIGH · VERIFIED · by bl4ckp4r4d1s3
Shodan: html:"utnserver Control Center"

Scores

CVSS v4 8.3
EPSS 0.4002
EPSS Percentile 97.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE: CWE-79
Status published
Products (3)
SEH Computertechnik/INU-100 < 20.1.22
SEH Computertechnik/utnserver Pro < 20.1.22
SEH Computertechnik/utnserver ProMAX < 20.1.22
Published Jun 04, 2024
Tracked Since Feb 18, 2026