CVE-2023-48254

Name of the Vulnerable Software and Affected Versions Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner (affected versions not specified) NEXO-OS (affected versions not specified)

Description The issue allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. This is due to a lack of protection for the web page structure. Exploitation of the issue may allow an attacker to cause a denial of service or execute arbitrary code using a specially crafted network request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.