CVE-2023-41922

Published: Jul 2, 2024Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities.

Affected (2)

Products: Kiloview: P1 Firmware, P2 Firmware

2 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kiloview P1 Firmware	All versions

Running on/with	Platform Versions
Kiloview P1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kiloview P2 Firmware	All versions

Running on/with	Platform Versions
Kiloview P2	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273

Source: cert@ncsc.nl

Third Party Advisory

https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.