Stored Cross-Site Scripting
CVE-2023-4203
9CRITICAL
Summary
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
Affected Version(s)
EKI-1524 <= 1.24
EKI-1522 <= 1.24
EKI-1521 <= 1.24
Refferences
CVSS V3.1
Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
R. Haas
A. Resanovic
T. Etzenberger
M. Bineder