PT-2021-22914 · Airangel · Airangel Hsmx Gateway

Published

2021-11-10

Updated

2021-11-12

CVE-2021-40517

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Airangel HSMX Gateway devices through 5.2.04

Description The issue concerns stored Cross Site Scripting (XSS) where an XSS Payload is placed in the name column of the updates table using database access.

Recommendations For Airangel HSMX Gateway devices through 5.2.04, consider restricting database access to prevent the placement of malicious XSS Payloads in the name column of the updates table until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-40517

Affected Products

Airangel Hsmx Gateway

PT-2021-22914 · Airangel · Airangel Hsmx Gateway

CVE-2021-40517

Weakness Enumeration

Related Identifiers

Affected Products

References · 6