SINEC NMS V<2.0 XSS via SNMP Config Data
CVE-2023-44315 Published on October 10, 2023
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2023-44315 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2023-44315
Want to know whenever a new CVE is published for Siemens Sinec Nms? stack.watch will email you.
Affected Versions
Siemens SINEC NMS:- Before V2.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.