CVE-2023-24496 MEDIUM

Vendor Milesight
Product MilesightVPN
Weakness CWE-80 · XSS · basic
Published July 6, 2023
Last update November 4, 2025

CVSS base score

4.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the name field of the database.

Key dates

02 Disclosure timeline

July 6, 2023 CVE published
November 4, 2025 Record updated