
CVE-2023-40143 – Westermo Lynx
https://notcve.org/view.php?id=CVE-2023-40143
06 Feb 2024 — An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45735 – Westermo Lynx Code Injection
https://notcve.org/view.php?id=CVE-2023-45735
06 Feb 2024 — A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-45222 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-45222
06 Feb 2024 — An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45213 – Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains
https://notcve.org/view.php?id=CVE-2023-45213
06 Feb 2024 — A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-697: Incorrect Comparison • CWE-942: Permissive Cross-domain Policy with Untrusted Domains

CVE-2023-42765 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-42765
06 Feb 2024 — An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40544 – Westermo Lynx Cleartext Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2023-40544
06 Feb 2024 — An attacker with access to the network where the affected devices are located could perform malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-319: Cleartext Transmission of Sensitive Information

CVE-2023-45227 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-45227
06 Feb 2024 — An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38579 – Westermo Lynx 206-F2G Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-38579
06 Feb 2024 — The cross-site request forgery token in the request may be predictable or easily guessable, allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-352: Cross-Site Request Forgery (CSRF)