Unrated severityNVD Advisory· Published Jul 6, 2023· Updated Nov 4, 2025
CVE-2023-24497
CVE-2023-24497
Description
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the remote_subnet field of the database
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Milesight/MilesightVPNv5Range: v2.0.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.