CVE-2023-5880

CVE-2023-5880: Cross-site Scripting (XSS) injected into Aladdin Connect garage door opener (Retrofit-Kit) configuration setup webserver console via broadcast SSID name

Vendor The Genie Company
Product Aladdin Connect (Retrofit-Kit)
Weakness CWE-79 · XSS
Published January 3, 2024
Last update August 27, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious code with client side Java Script and/or HTML into the users' web browser. 

Key dates

02Disclosure timeline

January 3, 2024 CVE published
August 27, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-26528 WordPress Shipyaari Shipping Management Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) CVE-2019-25731 Zuz Music 2.1 Persistent Cross-site Scripting via zuzconsole Contact CVE-2026-47993 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2025-62963 WordPress Estatik plugin <= 4.3.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-47034 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)