CVE-2024-43687
Title: Microchip Timeprovider 4100 Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS)
Proof Of Concept
PoC Available for CVE-2024-43687
CWE Category
CWE-79
Published Date
Oct 04, 2024
Modified Date
Oct 16, 2024
Exploit Status
Available
Score
7.7
CVSS v4.0
Exploit Probability (EPSS)
2.58%
Vulnerability Summary
CVE-2024-43687: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
CVSS v4.0
Source Entity
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Severity
HIGH
7.7
Attack Vector
ADJACENT
Complexity
HIGH
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
N/A
RAW VECTOR
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:X/U:Green
CVSS v3.1
Source Entity
[email protected]
Severity
MEDIUM
6.1
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
REQUIRED
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
CHANGED
RAW VECTOR
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2024-43687 Exploits & PoCs (Proof Of Concept)
Exploit-DB
https://www.exploit-db.com/exploits/52120
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
ADJACENT
Complexity
HIGH
Privileges
N/A
Interaction
NONE
CVSS Vector String
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:X/U:Green
Affected Stack
No specific products linked.