Cross-Site Scripting Vulnerability in Milesight UR5X, UR32L, UR32, UR35, UR41 Products
CVE-2023-43260

6.1MEDIUM

Key Information:

Vendor: Milesight
Status: Ur51 Firmware
Vendor: CVE Published:; 5 October 2023

What is CVE-2023-43260?

Milesight devices UR5X, UR32L, UR32, UR35, and UR41 prior to version 35.3.0.7 are susceptible to a cross-site scripting (XSS) vulnerability present in the admin panel. This flaw can allow an attacker to inject malicious scripts, potentially compromising sensitive data and user sessions when exploited. It is crucial for users and administrators of these products to apply the latest security updates to mitigate risks.

References

https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Sep 18, 2023

CVE-2023-43260 Data

JSON