Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-43686

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

Published

2024-10-04T20:15:06.960

Last Modified

2024-10-16T19:20:57.230

Status

Analyzed

Source

dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	microchip	timeprovider_4100_firmware	< 2.4.7	Yes
Hardware	microchip	timeprovider_4100	-	No

References

https://www.gruppotim.it/it/footer/red-team.html Third Party Advisory (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)
https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-reflected-xss-vulnerability Vendor Advisory (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)