PT-2023-7387 · Unknown · Osprey Pump Controller

Published: 2023-03-28 · Updated: 2023-04-05 · CVE-2023-28648

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01

Description: The issue exists due to inadequate protection of the web page structure, allowing a remote attacker to execute arbitrary code. Specifically, inputs passed to a GET parameter are not properly sanitized before being returned to the user, which can be exploited to execute arbitrary HTML/JS code in a user's browser session.

Recommendations: For Osprey Pump Controller version 1.01, ensure that inputs passed to GET parameters are properly sanitized to prevent exploitation. As a temporary workaround, consider restricting access to the affected site or disabling the execution of HTML/JS code in the user's browser session until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-08419
CVE-2023-28648

Affected Products

Osprey Pump Controller