CVE Published: 16/01/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: INCIBE |
Vendor: Full Compass Systems |
Product: WIC1200 Status : PUBLISHED
CVE-2024-0554 Description
A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via \'/setup/diags_ir_learn.asp\', allowing the attacker to retrieve the session details of another user.
Metrics
CVSS Version: 3.1 |
Base Score: 5.5 MEDIUM Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L