Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application.
References
Link | Resource |
---|---|
https://www.hughes.com | Vendor Advisory |
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
06 Feb 2023, 17:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 | |
CPE | cpe:2.3:o:hughes:hx90_firmware:6.11.0.5:*:*:*:*:*:*:* cpe:2.3:o:hughes:hx200_firmware:8.3.1.14:*:*:*:*:*:*:* cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.37:*:*:*:*:*:*:* cpe:2.3:h:hughes:hx200:-:*:*:*:*:*:*:* cpe:2.3:o:hughes:hx50l_firmware:6.10.0.18:*:*:*:*:*:*:* cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:* cpe:2.3:h:hughes:hx50l:-:*:*:*:*:*:*:* cpe:2.3:h:hughes:hn9460:-:*:*:*:*:*:*:* cpe:2.3:o:hughes:hn9460_firmware:8.2.0.48:*:*:*:*:*:*:* cpe:2.3:h:hughes:hx90:-:*:*:*:*:*:*:* |
|
First Time |
Hughes
Hughes hx90 Hughes hx50l Firmware Hughes hx200 Firmware Hughes hn7000s Firmware Hughes hn9460 Firmware Hughes hx200 Hughes hx50l Hughes hn9460 Hughes hx90 Firmware Hughes hn7000s |
|
References | (MISC) https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php - Exploit, Third Party Advisory | |
References | (MISC) https://www.hughes.com - Vendor Advisory |
26 Jan 2023, 21:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-26 21:18
Updated : 2023-12-10 14:48
NVD link : CVE-2023-22971
Mitre link : CVE-2023-22971
CVE.ORG link : CVE-2023-22971
JSON object : View
Products Affected
hughes
- hx90
- hn9460_firmware
- hx50l_firmware
- hn7000s_firmware
- hx200
- hn9460
- hx200_firmware
- hx90_firmware
- hn7000s
- hx50l
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')