CVE-2023-24496

Published: Jul 6, 2023Modified: Jun 17, 2026

4.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.6 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.

Affected (1)

Products: Milesight: Milesightvpn

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Milesight Milesightvpn	Version 2.0.2

Related CWEs

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

References (3)

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1704

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.