CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-0554

A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.8%

CVSS Severity

CVSS v3 Score 5.5

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200

Products affected by CVE-2024-0554

Xantech » Wic1200 » Version: N/A

cpe:2.3:h:xantech:wic1200:-
Xantech » Wic1200 Firmware » Version: 1.1

cpe:2.3:o:xantech:wic1200_firmware:1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-0554

Products

Pricing

Contact Us