CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45222 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-45222
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. Un atacante con acceso a la aplicación web que tiene el software vulnerable podría introducir JavaScript arbitrario inyectando un payload de cross-site scripting en el parámetro "autorefresh". • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45213 – Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains
https://notcve.org/view.php?id=CVE-2023-45213
A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. Un potencial atacante con acceso al dispositivo Westermo Lynx podría ejecutar código malicioso que podría afectar el correcto funcionamiento del dispositivo. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-697: Incorrect Comparison CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42765 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-42765
An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. Un atacante con acceso al software vulnerable podría introducir JavaScript arbitrario inyectando un payload de cross-site scripting en el parámetro "username" en la configuración SNMP. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40544 – Westermo Lynx Cleartext Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2023-40544
An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. Un atacante con acceso a la red donde se encuentran los dispositivos afectados podría realizar acciones maliciosas para obtener, a través de un sniffer, información sensible intercambiada mediante comunicaciones TCP. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45227 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-45227
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. Un atacante con acceso a la aplicación web con software vulnerable podría introducir JavaScript arbitrario inyectando un payload de cross-site scripting en el parámetro "dns.0.server". • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •