← voltar
CVE-2021-23860

Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS

CVSS 5 MEDIUMEPSS 0.5%CWE-79
An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Produtos afetados
Bosch · BVMSBosch · DIVAR IP 7000 R2Bosch · DIVAR IP all-in-one 5000Bosch · DIVAR IP all-in-one 7000Bosch · VRM

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html