Netvision airPASS - Reflected XSS
Description
An unauthenticated reflected XSS vulnerability in Netvision airPASS login page allows remote attackers to inject arbitrary JavaScript.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated reflected XSS vulnerability in Netvision airPASS login page allows remote attackers to inject arbitrary JavaScript.
Vulnerability
The login page of Netvision airPASS (all versions prior to the fix) does not properly sanitize user input in a parameter. An unauthenticated remote attacker can inject arbitrary JavaScript code that reflects in the response, leading to a reflected cross-site scripting (XSS) vulnerability. The specific parameter is not disclosed in the available references [1].
Exploitation
An attacker crafts a malicious URL containing the injected JavaScript in the vulnerable parameter. The target must click the link. No authentication is required, and the attacker does not need any special network position [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session on the airPASS login page. This can lead to session hijacking, credential theft, or defacement of the page. The impact is limited to the browser session and does not directly affect server-side components [1].
Mitigation
As of the publication date (2024-04-15), the vendor has not released a patched version. No workaround is provided in the available references. Users should monitor the vendor's website for updates [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Netvision/airPASSv5Range: earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.twcert.org.tw/tw/cp-132-7730-584e3-1.htmlmitrethird-party-advisory
News mentions
0No linked articles in our index yet.