Honeywell MPA2 Access Panel Vulnerable to Cross-site Scripting Attacks
CVE-2023-1841
4.8 MEDIUM
What is CVE-2023-1841?
An improperly neutralized input issue has been identified within the web server modules of the Honeywell MPA2 Access Panel, leading to a cross-site scripting (XSS) vulnerability. This flaw permits attackers to inject malicious scripts during web page generation by exploiting invalid characters. All versions of the MPA2 Access Panel prior to R1.00.08.05 are susceptible to this security risk. Users are advised to upgrade to firmware version R1.00.08.05 or later to mitigate this vulnerability effectively. The latest firmware rectifies the reported issue and enhances overall security.
Affected Version(s)
MPA2 Access Panel 0
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Ken Pyle from CYBIR