Security Advisory

CVE-2023-28648

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-28 20:06:56

Last updated 2025-01-16 21:38:05

Assigner icscert

State PUBLISHED

Description

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a users browser session in context of an affected site.

← Browse all CVEs View on cve.org ↗