PT-2025-5686 · Sensaphone · Sensaphone Web600
Published
2025-02-05
·
Updated
2025-07-21
·
CVE-2024-55040
CVSS v3.1
6.1
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Sensaphone Web600
Published
2025-02-05
·
Updated
2025-07-21
·
CVE-2024-55040
6.1
Medium
| Base vector | Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Sensaphone Web600 (affected versions not specified)
Description:
The issue concerns stored cross-site scripting (XSS) in the system's Setup, Profile, and Zone options. This means that an attacker could potentially inject malicious code into these areas, which would then be executed by the system.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS