Vulnerability Details CVE-2021-35956
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.9%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/163343/AKCP-sensorProbe-SPX476-Cross-Site-Scripting.html
- http://www.akcp.in.th/downloads/Firmwares/SP480-20210624.zip
- https://tbutler.org/2021/06/28/cve-2021-35956
- https://www.akcp.com/support-center/customer-login/sensor-probe-firmware-changelog/
- http://packetstormsecurity.com/files/163343/AKCP-sensorProbe-SPX476-Cross-Site-Scripting.html
- http://www.akcp.in.th/downloads/Firmwares/SP480-20210624.zip
- https://tbutler.org/2021/06/28/cve-2021-35956
- https://www.akcp.com/support-center/customer-login/sensor-probe-firmware-changelog/
Products affected by CVE-2021-35956
-
cpe:2.3:h:akcp:sensorprobe2:-
-
cpe:2.3:h:akcp:sensorprobe4:-
-
cpe:2.3:h:akcp:sensorprobe8-x20:-
-
cpe:2.3:h:akcp:sensorprobe8-x60:-
-
cpe:2.3:h:akcp:sensorprobe8:-
-
cpe:2.3:o:akcp:sensorprobe2_firmware:-
-
cpe:2.3:o:akcp:sensorprobe4_firmware:-
-
cpe:2.3:o:akcp:sensorprobe8-x20_firmware:-
-
cpe:2.3:o:akcp:sensorprobe8-x60_firmware:-
-
cpe:2.3:o:akcp:sensorprobe8_firmware:-