CVE-2024-3576 HIGH

CVE-2024-3576: NPort 5100A Series Store XSS Vulnerability

Vendor Moxa

Product NPort 5100A Series

Weakness CWE-79 · XSS

Published May 6, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.

Key dates

02Disclosure timeline

May 6, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3576

Related vulnerabilities

04Related CVE

CVE-2024-22160 WordPress Image Tag Manager Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS) CVE-2025-4943 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter CVE-2024-44051 WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability CVE-2022-2087 SourceCodester Bank Management System cross site scripting CVE-2021-24918 Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS