Stored Cross-Site Scripting
CVE-2023-4203

9CRITICAL

Key Information:

Vendor: Advantech
Status: Eki-1524; Eki-1522; Eki-1521
Vendor: CVE Published:; 8 August 2023

Summary

Advantech EKI-1524, EKI-1522, and EKI-1521 devices, up to version 1.21, are susceptible to a Stored Cross-Site Scripting vulnerability. This issue arises when authenticated users interact with the ping tool in the web-interface, allowing an attacker to inject malicious scripts. If exploited, this vulnerability could compromise the confidentiality of user data and potentially facilitate unauthorized actions within the application.

Affected Version(s)

EKI-1521 0 <= 1.24

EKI-1522 0 <= 1.24

EKI-1524 0 <= 1.24

References

https://cyberdanube.com/en/en-st-polten-uas-multiple-vuln...

http://seclists.org/fulldisclosure/2023/Aug/13

http://packetstormsecurity.com/files/174153/Advantech-EKI...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Aug 7, 2023

Credit

R. Haas

A. Resanovic

T. Etzenberger

M. Bineder