VYPR

Lynx

by Westermo

CVEs (8)

  • CVE-2023-40143Feb 6, 2024
    risk 0.00cvss epss 0.00

    An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter.

  • CVE-2023-45735Feb 6, 2024
    risk 0.00cvss epss 0.01

    A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.

  • CVE-2023-45222Feb 6, 2024
    risk 0.00cvss epss 0.00

    An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter.

  • CVE-2023-45213Feb 6, 2024
    risk 0.00cvss epss 0.00

    A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.

  • CVE-2023-42765Feb 6, 2024
    risk 0.00cvss epss 0.00

    An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.

  • CVE-2023-40544Feb 6, 2024
    risk 0.00cvss epss 0.00

    An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.

  • CVE-2023-45227Feb 6, 2024
    risk 0.00cvss epss 0.00

    An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.

  • CVE-2023-38579Feb 6, 2024
    risk 0.00cvss epss 0.00

    The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to…