Vulnerabilities > CVE-2023-24496 - Unspecified vulnerability in Milesight Milesightvpn 2.0.2

CVSS 4.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

high complexity

milesight

NVD

Published: 2023-07-06

Updated: 2024-11-21

Summary

Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.

Vulnerable Configurations

Part	Description	Count
Application	Milesight Milesight Milesightvpn 2.0.2	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704