CVE-2022-24654 — MEDIUM (5.4)

Vulnerability Description

Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Intelbras	Ata 200 Firmware	74.19.10.21
Intelbras	Ata 200	-

Related Weaknesses (CWE)

CWE-79

References

http://intelbras.comProduct
https://github.com/leonardobg/CVE-2022-24654ExploitThird Party Advisory
https://packetstormsecurity.com/files/168064/Intelbras-ATA-200-Cross-Site-ScriptExploitThird Party AdvisoryVDB Entry
http://intelbras.comProduct
https://github.com/leonardobg/CVE-2022-24654ExploitThird Party Advisory
https://packetstormsecurity.com/files/168064/Intelbras-ATA-200-Cross-Site-ScriptExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2022-24654?

CVE-2022-24654 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted pay...

How severe is CVE-2022-24654?

CVE-2022-24654 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-24654?

Check the references section above for vendor advisories and patch information. Affected products include: Intelbras Ata 200 Firmware, Intelbras Ata 200.