Remote Attacker Can Execute JavaScript Code and Obtain Sensitive Information via Reflected XSS Vulnerability in MT Safeline X-Ray X3310 Webserver
CVE-2023-25199

5.4MEDIUM

Key Information:

Vendor

MT Safeline

Vendor
CVE Published:
4 April 2024

What is CVE-2023-25199?

A reflected cross-site scripting vulnerability present in the MT Safeline X-Ray X3310 webserver version NXG 19.05 poses significant security risks. This vulnerability allows remote attackers to inject and execute malicious JavaScript code within a victim's web browser. As a result, sensitive user information can be compromised, potentially leading to unauthorized access and data exposure. Organizations utilizing this product should prioritize implementing security measures to mitigate the risks associated with this vulnerability.

References

https://summitinfosec.com/blog/x-ray-vision-identifying-c...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.