CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-28648

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.6%

CVSS Severity

CVSS v3 Score 7.5

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06
https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06

Products affected by CVE-2023-28648

Propumpservice » Osprey Pump Controller » Version: N/A

cpe:2.3:h:propumpservice:osprey_pump_controller:-
Propumpservice » Osprey Pump Controller Firmware » Version: 1.01

cpe:2.3:o:propumpservice:osprey_pump_controller_firmware:1.01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28648

Products

Pricing

Contact Us