Unrated severityNVD Advisory· Published Jul 6, 2023· Updated Nov 4, 2025
CVE-2023-24496
CVE-2023-24496
Description
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Milesight/MilesightVPNv5Range: v2.0.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.