CVE-2024-57237

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the browser to execute injected JavaScript code.

Related Vulnerabilities

CVE-2018-15641

MEDIUM
CVSS:6.3(Medium)

Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in t...

CWE-792018

CVE-2018-21155

MEDIUM
CVSS:6.3(Medium)

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0....

CWE-792018

CVE-2018-6495

MEDIUM
CVSS:6.3(Medium)

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser...

CWE-792018

CVE-2020-13965

MEDIUM
CVSS:6.3(Medium)

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

CWE-792020

CVE-2020-36085

MEDIUM
CVSS:6.3(Medium)

Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply Fo...

CWE-792020

CVE-2020-7747

MEDIUM
CVSS:6.3(Medium)

This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.

CWE-792020