CVE-2023-36146

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jun 30, 2023

Updated: Jul 7, 2023

CWE ID 79

Summary

CVE-2023-36146 is a newly discovered Stored Cross-Site Scripting (XSS) vulnerability affecting Multilaser RE 170 with firmware version 2.2.6733. An attacker can exploit this flaw by injecting malicious scripts into a web application, which in turn are stored in the affected system. Upon subsequent access to the compromised web page, the malicious scripts are executed, allowing the attacker to steal sensitive user data or carry out other malicious activities. Users are advised to update their firmware to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Multilaser

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rvvFyh
https://www.cve.org/CVERecord?id=CVE-2023-36146
https://nvd.nist.gov/vuln/detail/CVE-2023-36146

Back to Vulnerability Database

CVE-2023-36146

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations