Iván Alonso Álvarez

**Name of the Vulnerable Software and Affected Versions** Westermo Lynx (affected versions not specified) **Description** A potential attacker with access to the Westermo Lynx device could execute malicious code, affecting the device's correct functioning. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Westermo Lynx (affected versions not specified) **Description** An attacker with access to the Westermo Lynx web application could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the `forward.0.domain` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Westermo Lynx (affected versions not specified) **Description** A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue involves a cross-site request forgery token in the request that may be predictable or easily guessable, allowing attackers to craft a malicious request. This could be triggered by a victim unknowingly, leading to the victim user carrying out an action unintentionally in a successful attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the `autorefresh` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the `dns.0.server` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Westermo Lynx 206-F2G (affected versions not specified) **Description** An attacker with access to the network where the affected devices are located could maliciously take actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.