← back
CVE-2023-34412

Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250

CVSS 4.8 MEDIUMEPSS 0.3%CWE-79
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected products
Helmholz · REX 200Helmholz · REX 250Red Lion Europe · mbNETRed Lion Europe · mbNET.rokey

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.vde.com/en/advisories/VDE-2023-012/https://cert.vde.com/en/advisories/VDE-2023-029/