CVE-2021-23860 MEDIUM

CVE-2021-23860: Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS

Vendor Bosch
Product BVMS
Weakness CWE-79 · XSS
Published December 8, 2021
Last update September 17, 2024

CVSS base score

5.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

An error in a page handler of the VRM may lead to a reflected cross-site scripting (XSS) vulnerability in the web-based interface. To exploit this vulnerability, an attacker must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.

Key dates

02 Disclosure timeline

December 8, 2021 CVE published
September 17, 2024 Record updated