CVE-2024-55040

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET requests to /@.xml, placing payloads in the g7200, g7300, g4601, and g1F02 parameters.

tcbutler320/CVE-2024-55040-Sensaphone-XSS
tcbutler320/CVE-2024-55040-Sensaphone-XSS
Public disclose of several stored XSS vulnerabilities in the Sensaphone WEB600 (CVE-2024-55040)
GitHubGitHub
1