CVSS: 6.4EPSS: 0%CPEs: 14EXPL: 1CVE-2023-43260
https://notcve.org/view.php?id=CVE-2023-43260
05 Oct 2023 — Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. Se descubrió que Milesight UR5X, UR32L, UR32, UR35, UR41 anteriores a v35.3.0.7 contenían una vulnerabilidad de Cross-Site Scripting (XSS) a través del panel de administración. • https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 1CVE-2023-43261 – Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage
https://notcve.org/view.php?id=CVE-2023-43261
04 Oct 2023 — An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. Una divulgación de información en Milesight UR5X, UR32L, UR32, UR35, UR41 anterior a v35.3.0.7 permite a los atacantes acceder a componentes confidenciales del router. Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption. • https://github.com/win3zz/CVE-2023-43261 • CWE-532: Insertion of Sensitive Information into Log File •