CVE-2023-49258 Information

Description

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at /gui/terminal_tool.cgi\ in the \data\ parameter.

Reference

https://cert.pl/en/posts/2024/01/CVE-2023-49253/ https://cert.pl/posts/2024/01/CVE-2023-49253/