CVE-2023-49258

CVE-2023-49258: Reflected cross-site scripting vulnerability

Vendor Hongdian
Product H8951-4G-ESP
Weakness CWE-79 · XSS
Published January 12, 2024
Last update June 3, 2025

CVSS base score

What the vulnerability does

01Description

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter.

Key dates

02Disclosure timeline

January 12, 2024 CVE published
June 3, 2025 Record updated

Related vulnerabilities

04Related CVE