Vulnerability Details CVE-2024-55040
Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET requests to /@.xml, placing payloads in the g7200, g7300, g4601, and g1F02 parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.8%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2024-55040
-
cpe:2.3:h:sensaphone:web600:-
-
cpe:2.3:o:sensaphone:web600_firmware:*