CVE-2023-4202
Stored Cross-Site Scripting
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross-site scripting vulnerabilities.
*Credits:
R. Haas, A. Resanovic, T. Etzenberger, M. Bineder
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-07 CVE Reserved
- 2023-08-08 CVE Published
- 2024-08-14 EPSS Updated
- 2024-10-10 CVE Updated
- 2024-10-10 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
- CAPEC-63: Cross-Site Scripting (XSS)
References (3)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html | | |
http://seclists.org/fulldisclosure/2023/Aug/13 | | |

URL | Date | SRC |
---|---|---|
https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series | 2024-10-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Advantech | Eki-1524 Firmware | <= 1.21 | - | Affected | in | Advantech | Eki-1524 | - | - | Safe |
Advantech | Eki-1522 Firmware | <= 1.21 | - | Affected | in | Advantech | Eki-1522 | - | - | Safe |
Advantech | Eki-1521 Firmware | <= 1.21 | - | Affected | in | Advantech | Eki-1521 | - | - | Safe |