Lucene search

[email protected]NVD:CVE-2023-4202

HistoryAug 08, 2023 - 11:15 a.m.

CVE-2023-4202

2023-08-0811:15:11

CWE-79

[email protected]

web.nvd.nist.gov

advantech

eki-1524

eki-1522

eki-1521

stored cross-site scripting

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.

Affected configurations

Nvd

Node

advantecheki-1524Match-

AND

advantecheki-1524_firmwareRange≤1.21

Node

advantecheki-1522Match-

AND

advantecheki-1522_firmwareRange≤1.21

Node

advantecheki-1521Match-

AND

advantecheki-1521_firmwareRange≤1.21

VendorProductVersionCPE
advantecheki-1524-cpe:2.3:h:advantech:eki-1524:-:*:*:*:*:*:*:*
advantecheki-1524_firmware*cpe:2.3:o:advantech:eki-1524_firmware:*:*:*:*:*:*:*:*
advantecheki-1522-cpe:2.3:h:advantech:eki-1522:-:*:*:*:*:*:*:*
advantecheki-1522_firmware*cpe:2.3:o:advantech:eki-1522_firmware:*:*:*:*:*:*:*:*
advantecheki-1521-cpe:2.3:h:advantech:eki-1521:-:*:*:*:*:*:*:*
advantecheki-1521_firmware*cpe:2.3:o:advantech:eki-1521_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
advantech	eki-1524	-	cpe:2.3:h:advantech:eki-1524:-:::::::*
advantech	eki-1524_firmware	*	cpe:2.3:o:advantech:eki-1524_firmware::::::::
advantech	eki-1522	-	cpe:2.3:h:advantech:eki-1522:-:::::::*
advantech	eki-1522_firmware	*	cpe:2.3:o:advantech:eki-1522_firmware::::::::
advantech	eki-1521	-	cpe:2.3:h:advantech:eki-1521:-:::::::*
advantech	eki-1521_firmware	*	cpe:2.3:o:advantech:eki-1521_firmware::::::::