CVE-2023-48248 Information

Description

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL HTTP request or simply by waiting for the victim to view the poisoned file.

Reference

https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html