CVE-2023-33276

Name of the Vulnerable Software and Affected Versions Gira Giersiepen Gira KNX/IP-Router versions 3.1.3683.0 through 3.3.8.0

Description The web interface of the affected software responds with a "404 - Not Found" status code when accessing a non-existent path, and the value of the path is reflected in the response. The application is vulnerable to reflective cross-site scripting (XSS) because it reflects the supplied path without context-sensitive HTML encoding.

Recommendations For versions 3.1.3683.0 through 3.3.8.0, consider disabling access to the web interface until a patch is available to prevent reflective cross-site scripting (XSS) attacks. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the web interface to access non-existent paths until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.