PT-2021-11740 · Digisol · Digisol Dg-Hr3400

Sayli Ambure

Published

2021-01-06

Updated

2021-01-09

CVE-2020-35262

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Digisol DG-HR3400 (affected versions not specified)

Description: The issue is a Cross Site Scripting (XSS) vulnerability that can be exploited via the NTP server name in the Time and date module and the Keyword in the URL Filter. This allows for potential malicious script execution.

Recommendations: As a temporary workaround, consider restricting access to the Time and date module and the URL Filter to minimize the risk of exploitation. Avoid using the Keyword in the URL Filter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-35262

Affected Products

Digisol Dg-Hr3400

PT-2021-11740 · Digisol · Digisol Dg-Hr3400

CVE-2020-35262

Weakness Enumeration

Related Identifiers

Affected Products

References · 6