We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-51723

Stored Cross Site Scripting Vulnerability in Skyworth Router



Description

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

Reserved 2023-12-22 | Published 2024-01-17 | Updated 2024-10-21 | Assigner CERT-In


MEDIUM: 6.9CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status
unaffected

Any version
affected

Credits

This vulnerability is reported by Sushant Mane, Parul Sindhwad, Tushar Nagrare and Dr. Faruk Kazi from CoE-CNDS Lab, VJTI Mumbai, India. finder

References

www.cert-in.org.in/...eid=PUBVLNOTES01&VLCODE=CIVN-2024-0013

cve.org (CVE-2023-51723)

nvd.nist.gov (CVE-2023-51723)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-51723

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.