Milesight · Milesight Ur32L · CVE-2023-43260
**Name of the Vulnerable Software and Affected Versions**
Milesight UR5X, UR32L, UR32, UR35, UR41 versions prior to 35.3.0.7
**Description**
A cross-site scripting (XSS) issue was discovered in the admin panel of the affected devices. This issue allows for malicious scripts to be injected into the website, potentially leading to unauthorized access or control.
**Recommendations**
For Milesight UR5X, UR32L, UR32, UR35, UR41 versions prior to 35.3.0.7, update to version 35.3.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin panel until a patch is applied.