Vulnerability Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versions correct the reported vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Mpa2 Firmware | < R1.00.08.05 |
| Honeywell | Mpa2 | All versions |
Related Weaknesses (CWE)
References
- https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resVendor Advisory
- https://https://www.honeywell.com/us/en/product-securityVendor Advisory
- https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resVendor Advisory
- https://https://www.honeywell.com/us/en/product-securityVendor Advisory
FAQ
What is CVE-2023-1841?
CVE-2023-1841 is a vulnerability with a CVSS score of 8.1 (HIGH). Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue af...
How severe is CVE-2023-1841?
CVE-2023-1841 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1841?
Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Mpa2 Firmware, Honeywell Mpa2.