Vulnerability Details CVE-2023-48248
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.1%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2023-48248
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_(0608842012):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_(0608842011):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_(0608842006):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_(0608842001):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_(0608842007):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_(0608842002):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_(0608842008):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_(0608842003):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_(0608842014):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_(0608842013):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_(0608842010):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_(0608842005):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_(0608842016):-
-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_(0608842015):-
-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2272):-
-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2301):-
-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2514):-
-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2515):-
-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2666):-
-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2673):-
-
cpe:2.3:o:bosch:nexo-os:1000
-
cpe:2.3:o:bosch:nexo-os:1500-sp2