CVE-2024-1707: XSS in GARO WALLBOX GLB+ T2EV7 0.5 Software Update Handler
CVE-2024-1707 Published on February 21, 2024
GARO WALLBOX GLB+ T2EV7 Software Update index.jsp#settings cross site scripting
A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jsp#settings of the component Software Update Handler. The manipulation of the argument Reference leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254397 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2024-1707 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2024-1707
Want to know whenever a new CVE is published for Garo Wallbox Glb T2ev7 Firmware? stack.watch will email you.
Affected Versions
GARO WALLBOX GLB+ T2EV7 Version 0.5 is affected by CVE-2024-1707Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.