CVE-2023-1841

Name of the Vulnerable Software and Affected Versions Honeywell MPA2 Access Panel versions prior to R1.00.08.05

Description The issue is related to improper neutralization of input during web page generation, which allows cross-site scripting (XSS) using invalid characters. This can be exploited through the web server modules of the Honeywell MPA2 Access Panel.

Recommendations For versions prior to R1.00.08.05, update to firmware version R1.00.08.05 or later to resolve the issue. As a temporary workaround, consider restricting access to the web server modules until the update can be applied.