Stored Cross-Site Scripting

CVE-2023-4202
9CRITICAL

Key Information

Vendor
Advantech
Status
Eki-1524
Eki-1522
Eki-1521
Vendor
CVE Published:
8 August 2023

Summary

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.

Affected Version(s)

EKI-1524 <= 1.21

EKI-1522 <= 1.21

EKI-1521 <= 1.21

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Risk change from: 5.4 to: 9 - (CRITICAL)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

R. Haas
A. Resanovic
T. Etzenberger
M. Bineder
.