Vulnerability Details CVE-2023-2521
A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.4%
CVSS Severity
CVSS v3 Score 3.5
CVSS v2 Score 4.0
References
Products affected by CVE-2023-2521
-
cpe:2.3:h:ez-net:next-7004n:-
-
cpe:2.3:o:ez-net:next-7004n_firmware:3.0.1