CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40143 – Westermo Lynx
https://notcve.org/view.php?id=CVE-2023-40143
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. Un atacante con acceso a la aplicación web Westermo Lynx que tiene el software vulnerable podría introducir JavaScript arbitrario inyectando un payload de cross-site scripting en el parámetro "forward.0.domain". • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45735 – Westermo Lynx Code Injection
https://notcve.org/view.php?id=CVE-2023-45735
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. Un potencial atacante con acceso al dispositivo Westermo Lynx podría ejecutar código malicioso que podría afectar el correcto funcionamiento del dispositivo. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45222 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-45222
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. Un atacante con acceso a la aplicación web que tiene el software vulnerable podría introducir JavaScript arbitrario inyectando un payload de cross-site scripting en el parámetro "autorefresh". • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45213 – Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains
https://notcve.org/view.php?id=CVE-2023-45213
A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. Un potencial atacante con acceso al dispositivo Westermo Lynx podría ejecutar código malicioso que podría afectar el correcto funcionamiento del dispositivo. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-697: Incorrect Comparison CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42765 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-42765
An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. Un atacante con acceso al software vulnerable podría introducir JavaScript arbitrario inyectando un payload de cross-site scripting en el parámetro "username" en la configuración SNMP. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •