← back
CVE-2021-35956

CVE-2021-35956

EPSS 3.2%
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
Affected products
n/a · n/a
public PoCs found3
githubgithub.com/tcbutler320/CVE-2021-359561cve_referencepacketstormsecurity.com/files/163343/AKCP-sensorProbe-SPX476-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50080unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/163343/AKCP-sensorProbe-SPX476-Cross-Site-Scripting.htmlhttps://tbutler.org/2021/06/28/cve-2021-35956https://www.akcp.com/support-center/customer-login/sensor-probe-firmware-changelog/http://www.akcp.in.th/downloads/Firmwares/SP480-20210624.zip