CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45992
https://notcve.org/view.php?id=CVE-2023-45992
19 Oct 2023 — A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. Una vulnerabilidad en la interfaz web del producto RUCKUS Cloudpath en la versión 5.12 build 5538 o anterior podría ... • https://github.com/harry935/CVE-2023-45992 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •