Stored XSS Vulnerability in EnGenius EWS356-Fit Devices
CVE-2024-31975

Currently unrated

Key Information:

Vendor: EnGenius

CVE Published: 30 October 2024

What is CVE-2024-31975?

EnGenius EWS356-Fit devices, specifically version 1.1.30, are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. A remote attacker can inject malicious JavaScript through the Wi-Fi SSID parameters. The injected script is stored and executes when a user clicks the EDIT button for the corresponding SSID field, potentially compromising user data and security. This vulnerability underscores the importance of securing input fields within network devices to prevent such remote attacks.
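
The pattern described above, as an added example that is not taken from EnGenius firmware or from the original advisory: a stored SSID rendered into an edit form with and without output encoding, plus an input check and an audit helper for already-stored values. All function names, the form markup and the sample SSID are assumptions made for illustration.

```javascript
// Added example: hypothetical SSID edit-form rendering, not vendor code.

// Constructed sample: an SSID that closes the value attribute and adds markup.
// It is 22 octets long, so it passes the 32-octet SSID length limit.
const SAMPLE_SSID = 'Guest"><b>injected</b>';

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored SSID is concatenated straight into markup.
function renderEditFormUnsafe(ssid) {
  return '<input type="text" name="ssid" value="' + ssid + '">';
}

// Hardened pattern: the same field with the stored value encoded on output.
function renderEditFormSafe(ssid) {
  return '<input type="text" name="ssid" value="' + escapeHtml(ssid) + '">';
}

// Input-side check before storing: non-empty, at most 32 octets, no control
// characters. SSIDs may legitimately contain < > " ' &, so this check does not
// replace output encoding.
function validateSsid(ssid) {
  if (typeof ssid !== 'string' || ssid.length === 0) return { ok: false, reason: 'empty' };
  if (Buffer.byteLength(ssid, 'utf8') > 32) return { ok: false, reason: 'longer than 32 octets' };
  if (/[\u0000-\u001f\u007f]/.test(ssid)) return { ok: false, reason: 'control character' };
  return { ok: true, reason: null };
}

// Audit helper: list stored SSIDs that contain HTML metacharacters so they can
// be reviewed after the rendering code has been fixed.
function auditStoredSsids(ssids) {
  return ssids.filter((s) => /[<>"'&]/.test(s));
}
```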


Timeline

  • Vulnerability published

  • Vulnerability Reserved
