CVE-2023-42765 MEDIUM

CVE-2023-42765: Westermo Lynx Cross-site Scripting

Vendor Westermo

Product Lynx

Weakness CWE-79 · XSS

Published February 6, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.

Key dates

02Disclosure timeline

February 6, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-42765

Related vulnerabilities

04Related CVE

CVE-2025-46916 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-4726 Campcodes Legal Case Management System clients cross site scripting CVE-2025-13531 Stylish Order Form Builder <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter CVE-2023-38214 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-31325 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation)

Identifiers

CVE CVE-2023-42765

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Westermo

Product Lynx

Affected L206-F2G1

Vendor Westermo

Product Lynx

Affected 4.24