CVE-2024-3776

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
15/04/2024
Last modified:
08/04/2025

Description

The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:netvision:airpass:2.9.0.231006:*:*:*:*:*:*:*