Vulnerability Details CVE-2023-24497
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the remote_subnet field of the database
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.9%
CVSS Severity
CVSS v3 Score 4.7
References