CVE-2023-48248 MEDIUM

CVE-2023-48248

Vendor Rexroth
Product Nexo cordless nutrunner NXA015S-36V (0608842001)
Weakness CWE-79 · XSS
Published January 10, 2024
Last update June 17, 2025
View on NVD All CVEs

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.

Key dates

02Disclosure timeline

January 10, 2024 CVE published
June 17, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-33329 WordPress Custom Post Type Generator Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS) CVE-2022-2149 Very Simple Breadcrumb <= 1.0 - Admin+ Stored Cross-Site Scripting CVE-2024-2066 SourceCodester Computer Inventory System add-computer.php cross site scripting CVE-2025-39497 WordPress Dokan Pro plugin <= 3.14.5 - Cross Site Scripting (XSS) vulnerability CVE-2024-12933 code-projects Simple Admin Panel updateItemController.php cross site scripting