CVE-2023-49296 | Arduino Create Agent up to 1.3.5 Web Interface /certificate.crt cross site scripting (GHSA-j5hc-wx84-844h)

Posted by Angelo Barbosa | Dec 14, 2023 | CVE

A vulnerability, which was classified as problematic, has been found in Arduino Create Agent up to 1.3.5. This issue affects some unknown processing of the file /certificate.crt of the component Web Interface. The manipulation leads to cross site scripting.

The identification of this vulnerability is CVE-2023-49296. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-49296 | Arduino Create Agent up to 1.3.5 Web Interface /certificate.crt cross site scripting (GHSA-j5hc-wx84-844h)

Related Posts

CVE-2024-43792 | Halo up to 2.16.x cross site scripting

CVE-2024-4626 | JetWidgets for Elementor Plugin up to 1.0.17 on WordPress layout_type/id cross site scripting

CVE-2024-37079 | VMware vCenter Server/Cloud Foundation DCERPC heap-based overflow

CVE-2024-28760 | IBM App Connect Enterprise up to 11.0.0.25/12.0.12.0 Dashboard allocation of resources (XFDB-285244)