CVE-2023-49563: storedxss-snmpwebpro1.1

Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver.

1. ADVISORY INFORMATION
=======================

Product: SNMP Web Pro 1.1

Vendor URL: https://voltronicpower.com/

Type: CWE-22

Date found: 2023-05-12

Date published: 2023-07-20

CVSSv3 Score: 8.9 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:U/RC:C/CR:X/IR:X/AR:X/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:N/MI:H/MA:H)

2. CREDITS
==========

This vulnerability was discovered and researched by Ph4nt0mByt3.

3. VERSIONS AFFECTED
====================

SNMP Web Pro 1.1

4. INTRODUCTION
===============

SNMP Web Pro 1.1 is a web interface to control UPS systems.

5. VULNERABILITY DETAILS
========================

The web server allows crafted requests to store JavaScript on the web server.

6. PROOF OF CONCEPT
========================

NOT PUBLIC

7. SOLUTION
=======================

Enable HTTP Basic authentication.
