PT-2023-25036 · Youxun Electronic Equipment (Shanghai) Co. · Ac Centralized Management Platform
Hashshfza · Published 2023-06-12 · Updated 2023-06-21 · CVE-2023-34855
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform version 1.02.040
Description
A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary code by uploading a crafted HTML file to the "upfile.cgi" API endpoint.
Recommendations
For version 1.02.040, consider disabling the file upload functionality to the "upfile.cgi" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this interface until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Ac Centralized Management Platform