PT-2024-25482 · Netis Systems · Netis-Systems Mex605
Published
2024-05-03
·
Updated
2024-07-03
·
CVE-2024-33791
CVSS v3.1
4.6
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
netis-systems MEX605 version 2.00.06
Description
A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
getTimeZone function. This enables attackers to potentially manipulate the web application's behavior or steal user data.Recommendations
For netis-systems MEX605 version 2.00.06, consider disabling the
getTimeZone function until a patch is available to prevent exploitation. Restrict access to the vulnerable function to minimize the risk of arbitrary script execution.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netis-Systems Mex605