CVE-2024-55040 | THREATINT

Description

Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET requests to /@.xml, placing payloads in the g7200, g7300, g4601, and g1F02 parameters.

PUBLISHED Reserved 2024-12-06 | Published 2025-07-21 | Updated 2025-07-22 | Assigner mitre

References

github.com/tcbutler320/Sensaphone-WEB600-XSS

sensaphone.com/products/sensaphone-web600-monitoring-system

vulmon.com/vulnerabilitydetails?qid=CVE-2024-55040

cve.org (CVE-2024-55040)

nvd.nist.gov (CVE-2024-55040)

Download JSON