Home

Description

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

PUBLISHED Reserved 2023-12-22 | Published 2024-01-17 | Updated 2024-10-21 | Assigner CERT-In




MEDIUM: 6.9CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status
unaffected

Any version
affected

Credits

This vulnerability is reported by Sushant Mane, Parul Sindhwad, Tushar Nagrare and Dr. Faruk Kazi from CoE-CNDS Lab, VJTI Mumbai, India. finder

References

www.cert-in.org.in/...eid=PUBVLNOTES01&VLCODE=CIVN-2024-0013

cve.org (CVE-2023-51723)

nvd.nist.gov (CVE-2023-51723)

Download JSON