PT-2023-6401 · Sinec Nms · Sinec Nms
Published: 2023-10-10 · Updated: 2024-07-09
CVE-2023-44315
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
SINEC NMS versions prior to V2.0
Description
The issue arises from the improper sanitization of certain SNMP configuration data retrieved from monitored devices. This could allow an attacker with access to a monitored device to prepare a stored cross-site scripting (XSS) attack, potentially leading to unintentional modification of application data by legitimate users. The vulnerability may be exploited by a remote attacker to conduct an XSS attack.
Recommendations
For versions prior to V2.0, update to version V2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to monitored devices to minimize the risk of exploitation. Avoid using the affected SNMP configuration data in the application until the issue is resolved.
Fix
XSS
Affected Products
Sinec Nms