CVE-2024-5420
Stored Cross-Site Scripting in SEH Computertechnik utnserver Pro
Severity Score
8.3
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.
Falta la validación de entrada en SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, la interfaz web de SEH Computertechnik INU-100 permite Cross-Site Scripting (XSS) Almacenado. Este problema afecta a utnserver Pro, utnserver ProMAX, INU-100 versión 20.1.22. y por debajo.
SEH utnserver Pro/ProMAX and INU-100 version 20.1.22 suffers from cross site scripting, denial of service, and file disclosure vulnerabilities.
*Credits:
T. Weber
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-27 CVE Reserved
- 2024-06-04 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-17 EPSS Updated
- 2024-09-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
- CAPEC-592: Stored XSS
References (3)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2024/Jun/4 |
|
|
| https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/index.html |
| URL | Date | SRC |
|---|---|---|
| https://github.com/fa-rrel/CVE-2024-5420-XSS | 2024-09-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SEH Computertechnik Search vendor "SEH Computertechnik" | Utnserver Pro Search vendor "SEH Computertechnik" for product "Utnserver Pro" | <= 20.1.22 Search vendor "SEH Computertechnik" for product "Utnserver Pro" and version " <= 20.1.22" | en |
Affected
| ||||||
| SEH Computertechnik Search vendor "SEH Computertechnik" | Utnserver ProMAX Search vendor "SEH Computertechnik" for product "Utnserver ProMAX" | <= 20.1.22 Search vendor "SEH Computertechnik" for product "Utnserver ProMAX" and version " <= 20.1.22" | en |
Affected
| ||||||
| SEH Computertechnik Search vendor "SEH Computertechnik" | INU-100 Search vendor "SEH Computertechnik" for product "INU-100" | <= 20.1.22 Search vendor "SEH Computertechnik" for product "INU-100" and version " <= 20.1.22" | en |
Affected
| ||||||