Advantech ADAM 5550 XSS in Logs Page
CVE-2024-38308 Published on September 27, 2024

Advantech ADAM-5550 Cross-site Scripting
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output.
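The weakness described above, shown as an added example that is not Advantech's code: a log page builds table rows from request fields, once without output encoding and once with it. The field names, sample records and function names are assumptions made for illustration.

```python
import html
import re

# Constructed sample of request records as a log page might store them.
# Every field is chosen by whoever sent the request, so none can be trusted.
SAMPLE_LOG = [
    {"method": "GET", "path": "/index.html", "user_agent": "Mozilla/5.0"},
    {"method": "GET", "path": "/<script>alert(1)</script>",
     "user_agent": '"><img src=x onerror=alert(1)>'},
]

FIELDS = ("method", "path", "user_agent")  # hypothetical column set
STRUCTURAL_TAGS = {"<table>", "</table>", "<tr>", "</tr>", "<td>", "</td>"}


def render_row_unsafe(entry):
    """Weak form: request fields are concatenated into the markup as-is."""
    cells = "".join(f"<td>{entry[f]}</td>" for f in FIELDS)
    return f"<tr>{cells}</tr>"


def render_row_safe(entry):
    """Hardened form: every request-derived field is HTML-encoded on output."""
    cells = "".join(
        f"<td>{html.escape(str(entry[f]), quote=True)}</td>" for f in FIELDS
    )
    return f"<tr>{cells}</tr>"


def render_log_page(entries, row_renderer=render_row_safe):
    """Build the log table; the renderer decides whether fields are encoded."""
    rows = "\n".join(row_renderer(e) for e in entries)
    return f"<table>\n{rows}\n</table>"


def contains_active_markup(page):
    """Regression check: did any logged value introduce a tag of its own?"""
    return bool(set(re.findall(r"<[^>]*>", page)) - STRUCTURAL_TAGS)


if __name__ == "__main__":
    for renderer in (render_row_unsafe, render_row_safe):
        page = render_log_page(SAMPLE_LOG, renderer)
        print(renderer.__name__, "-> logged value became markup:",
              contains_active_markup(page))
```

The encoding is applied at output time to every column, including ones such as the User-Agent header that are easy to overlook because they are not part of the URL.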

Vulnerability Analysis

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Weakness Type

What is an XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2024-38308 has been classified as an XSS vulnerability or weakness.


Products Associated with CVE-2024-38308

Affected Versions

All versions of Advantech ADAM 5550 are affected by CVE-2024-38308.

Exploit Probability

EPSS: 0.14%
Percentile: 34.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.