CVE-2023-51724 MEDIUM

CVE-2023-51724: Stored Cross Site Scripting Vulnerability in Skyworth Router

Vendor Hathway

Product Skyworth Router CM5100

Weakness CWE-79 · XSS

Published January 17, 2024

Last update June 17, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N

What the vulnerability does

01Description

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

Key dates

02Disclosure timeline

January 17, 2024 CVE published

June 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-51724

Related vulnerabilities

04Related CVE

CVE-2025-32192 WordPress Ultra Addons Lite for Elementor plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability CVE-2025-23588 WordPress WOW Best CSS Compiler plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-37944 WordPress WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin <= 5.9.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header CVE-2023-5793 flusity CMS Dashboard customblock.php loadCustomBlocCreateForm cross site scripting