Arbitrary Code Execution via Cross Site Scripting (XSS) in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040

Arbitrary Code Execution via Cross Site Scripting (XSS) in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040

CVE-2023-34855 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi.

Learn more about our Web Application Penetration Testing UK.