CVE-2024-5420

EUVD-2024-46642
Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
sehutnserver_pro
𝑥
≤ 20.1.22
ADP
sehutnserver_promax
𝑥
≤ 20.1.22
ADP
sehinu-100
𝑥
≤ 20.1.22
ADP
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2024/Jun/4
https://cyberdanube.com/security-research/multiple-vulnerabilities-in-seh-untserver-pro/
http://seclists.org/fulldisclosure/2024/Jun/4
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/index.html