CVE-2024-5420: Stored Cross-Site Scripting in SEH Computertechnik utnserver Pro

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-5420

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Stored Cross-Site Scripting in SEH Computertechnik utnserver Pro

Source: NVD (National Vulnerability Database)

Vulnerability Description

Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

多款SEH产品跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SEH utnserver Pro是美国SEH公司的一个 USB 设备。多款SEH产品存在跨站脚本漏洞，该漏洞源于网络界面缺少输入验证，允许跨站脚本攻击。以下产品及版本受到影响：SEH Computertechnik utnserver Pro、SEH Computertechnik utnserver ProMAX、SEH Computertechnik INU-100 20.1.22及之前版本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
SEH Computertechnik	utnserver Pro	0 ~ 20.1.22	-
SEH Computertechnik	utnserver ProMAX	0 ~ 20.1.22	-
SEH Computertechnik	INU-100	0 ~ 20.1.22	-

II. Public POCs for CVE-2024-5420

#	POC Description	Source Link	Shenlong Link
1	SEH utnserver Pro/ProMAX / INU-100 20.1.22 - XSS	https://github.com/fa-rrel/CVE-2024-5420-XSS	POC Details
2	None	https://github.com/K4yd0/CVE-2024-5420_XSS	POC Details
3	SEH utnserver Pro/ProMAX / INU-100 20.1.22 - XSS	https://github.com/gh-ost00/CVE-2024-5420-XSS	POC Details
4	A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-5420.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-5420

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: utnserver Pro

Same vendor: SEH Computertechnik

Same weakness: CWE-79

V. Comments for CVE-2024-5420

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2024-5420

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-5420

III. Intelligence Information for CVE-2024-5420

IV. Related Vulnerabilities

V. Comments for CVE-2024-5420

Leave a comment