CVE-2023-2395 MEDIUM

CVE-2023-2395: Netgear SRX5308 Web Management Interface cross site scripting

Vendor Netgear
Product SRX5308
Weakness CWE-79 · XSS
Published April 28, 2023
Last update February 12, 2025
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

April 28, 2023 CVE published
February 12, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-47762 TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments CVE-2024-10057 RSS Feed Widget <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rfw-youtube-videos Shortcode CVE-2022-34218 AEM Reflected XSS Arbitrary code execution CVE-2023-31407 Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation CVE-2024-43795 OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`)