Supermicro Devices Vulnerable to XSS Attack via Internet Explorer 11 on Windows
CVE-2023-40290

8.3HIGH

Key Information:

Vendor: Supermicro
Status: X11ssm-f Firmware
Vendor: CVE Published:; 27 March 2024

What is CVE-2023-40290?

A vulnerability identified in Supermicro's X11SSM-F, X11SAE-F, and X11SSE-F devices allows attackers to perform cross-site scripting (XSS) attacks via Internet Explorer 11 running on Windows. This security flaw could enable malicious actors to execute arbitrary scripts in the context of a user's session, potentially leading to unauthorized activities or data exposure. Users are encouraged to apply security updates and implement best security practices to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.supermicro.com/en/support/security_center#%21...

https://www.supermicro.com/en/support/security_BMC_IPMI_O...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Aug 14, 2023

JSON

Supermicro

What is CVE-2023-40290?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.