CVE-2023-24496

CVE-2023-24496

Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.

Source: CVE-2023-24496

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다