CVE-2024-8457 Information
Oct 01, 2024
cve
Description
Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript leading to Stored XSS attack.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Reference
https://www.twcert.org.tw/tw/cp-132-8063-01634-1.html https://www.twcert.org.tw/en/cp-139-8064-70255-2.html
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
4.8
Share on: