Unrated severityNVD Advisory· Published Nov 28, 2023· Updated Oct 17, 2024

Stored Cross Site Scripting in webserver administration

CVE-2023-4667

Description

The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface.

The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware.

This could lead to unauthorized access and data leakage

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Idemia/Morpho Wave Compactcpe-rescue
Range: 0
IDEMIA/MorphoWave SPv5
Range: 0
IDEMIA/SIGMA Extremev5
Range: 0
IDEMIA/SIGMA Lite & Lite +v5
Range: 0
IDEMIA/SIGMA Widev5
Range: 0
Idemia/VisionPasscpe-rescue
Range: 0

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Stored Cross Site Scripting in webserver administration

Description

AI Insight

Affected products

Patches

Vulnerability mechanics

References

News mentions